PT-2018-18437 · Bui · Bui

Published

2018-03-14

Updated

2018-04-09

CVE-2018-8108

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: bui through 2018-03-13

Description: The issue arises from the select component performing an escape operation on already-escaped text. This can lead to a cross-site scripting (XSS) attack, as demonstrated by the workGroupList text.

Recommendations: For bui through 2018-03-13, consider disabling the select component temporarily until a fix is available to prevent potential XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-8108

Affected Products

Bui

PT-2018-18437 · Bui · Bui

CVE-2018-8108

Weakness Enumeration

Related Identifiers

Affected Products

References · 2