PT-2018-5243 · Elabftw · Elabftw
Prodigysml · Published 2018-01-03 · Updated 2018-01-17 · CVE-2017-1000478
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ELabftw version 1.7.8
Description
The issue concerns stored cross-site scripting in the experiment infos component, which can lead to the arbitrary execution of JavaScript and denial of service.
Recommendations
For ELabftw version 1.7.8, update to a version that fixes the stored cross-site scripting issue in the experiment infos component to prevent arbitrary JavaScript execution and denial of service.
Affected Products
Elabftw