PT-2018-14904 · Mubu · Mubu Note
Published: 2018-11-15 · Updated: 2020-06-25 · CVE-2018-19286
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
mubu note version 2018-11-11
Description
The issue allows for XSS by configuring an account with a crafted name value, along with an arbitrary username value, and then creating and sharing a note.
Recommendations
For mubu note version 2018-11-11, as a temporary workaround, consider restricting the ability to create and share notes until a patch is available. Avoid using crafted name values in account configurations to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mubu Note