Name of the Vulnerable Software and Affected Versions redis-commander versions (affected versions not specified)

Description The issue is related to a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component. This vulnerability can be exploited when Flash is installed and enabled. A proof of concept has been verified using Firefox 57.0 on Windows 10 with the Flash NPAPI Windows plugin installed. The vulnerability can be triggered through a specific URL, including the highlighterId parameter with malicious input.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider using an alternative, functionally equivalent package, or use extreme caution when using redis-commander, ensuring that redis-commander is the only web page you have open, and avoiding clicking on any links.