CVE-2018-7663

Name of the Vulnerable Software and Affected Versions Voten.co versions prior to 2017-08-25

Description An issue was discovered in the bio field of a user profile, allowing for server-side template injection of arbitrary JavaScript due to an unescaped template literal in resources/views/layouts/app.blade.php.

Recommendations For versions prior to 2017-08-25, update to a version released after 2017-08-25 to resolve the issue. As a temporary workaround, consider restricting user input in the bio field to prevent arbitrary JavaScript injection until a patch is available.