PT-2018-14907 · Valine · Valine
Passer6Yo · Published 2018-11-15 · Updated 2020-08-24 · CVE-2018-19289
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Valine version 1.3.3
Description
An issue in Valine allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
Recommendations
For Valine version 1.3.3, consider disabling the ability to embed files, especially .pdf files, until a patch is available to prevent HTML injection and potential JavaScript execution.
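One way to apply this recommendation at the rendering layer, shown as an added example that is not Valine's code or part of the original advisory: escape all comment markup, restore only a small allowlist of attribute-free tags, and audit stored comments for active-content elements such as EMBED. The function names, both tag lists and the sample comment are assumptions made for illustration.

```javascript
// Added example (constructed; not Valine's code). Both tag lists are assumptions.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "code", "pre", "p", "br", "blockquote"]);
const ACTIVE_TAG_RE = /<\s*(embed|object|iframe|applet|script)\b/gi;

// Escape every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Escape first, then re-enable only bare allowlisted tags (no attributes).
// Anything else, including <embed src="...pdf">, stays inert text.
function sanitizeComment(html) {
  return escapeHtml(html).replace(
    /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)&gt;/g,
    (match, slash, name) => {
      const tag = name.toLowerCase();
      return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
    }
  );
}

// Audit helper: names of active-content elements present in a stored comment.
function findActiveElements(html) {
  const found = new Set();
  for (const m of html.matchAll(ACTIVE_TAG_RE)) found.add(m[1].toLowerCase());
  return [...found].sort();
}

// Constructed sample comment (not taken from the advisory).
const sample = '<b>nice post</b> <EMBED src="https://example.invalid/file.pdf">';
console.log(sanitizeComment(sample));
console.log(findActiveElements(sample));
```

Because the output can only contain angle brackets that belong to a bare allowlisted tag, no attribute or embedded resource reference survives rendering.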
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Valine