PT-2018-16838 · Shaarli · Shaarli
Virtualtam
·
Publicado
2018-01-05
·
Atualizado
2018-01-17
·
CVE-2018-5249
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shaarli versions prior to 0.8.5
Shaarli versions 0.9.x prior to 0.9.3
Description
The issue allows remote attackers to inject arbitrary code via the login form's
username field, which is passed to the ban canLogin function in index.php. This enables attackers to execute malicious scripts on the client-side.Recommendations
For versions prior to 0.8.5, update to version 0.8.5 or later.
For versions 0.9.x prior to 0.9.3, update to version 0.9.3 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Shaarli