PT-2018-17944 · Rainlab+1 · Rainlab Blog Plugin+1

Samrat Das · Published 2018-02-18 · Updated 2022-05-13 · CVE-2018-7198

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

October CMS versions through 1.0.431
The RainLab Blog Plugin used in October CMS versions through 1.0.431

Description

The issue allows for XSS by entering HTML on the Add Posts page. This can be exploited through the RainLab Blog Plugin.

Recommendations

For October CMS versions through 1.0.431, update to a version that includes a fix for this issue. For the RainLab Blog Plugin used in October CMS versions through 1.0.431, consider disabling the plugin until a patch is available.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2018-7198
GHSA-96MH-7XPR-QCGW

Affected products

October CMS
RainLab Blog Plugin