PT-2018-10506 · Yunohost · Yunohost
Published
2018-12-04
·
Updated
2018-12-27
·
CVE-2018-11348
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
YunoHost versions 2.7.2 through 2.7.14
Description
The issue is related to two XSS vulnerabilities found in the profile edition page of the user panel of the YunoHost web application. These flaws can be exploited by injecting a JavaScript payload, potentially allowing manipulation of a user's session.
Recommendations
For YunoHost versions 2.7.2 through 2.7.14, consider restricting access to the profile edition page of the user panel until a fix is available. As a temporary workaround, avoid using the profile edition feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yunohost