CVE-2018-5705

Name of the Vulnerable Software and Affected Versions: Reservo Image Hosting version 1.6

Description: The issue allows for XSS attacks, potentially enabling attackers to steal user sessions, including those of administrators, by executing malicious code when an infected URL is accessed. This is particularly concerning due to the presence of a user/admin login interface. The vulnerability is specifically related to the search engine function, which is accessible through the "t" parameter to the "/search" URI.

Recommendations: For Reservo Image Hosting version 1.6, consider disabling the search engine function or restricting access to the /search URI until a fix is available. Additionally, avoid using the t parameter in the /search URI to minimize the risk of exploitation.