In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/b3log/solo/issues/12501 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T23:00:00
Updated: 2024-08-05T10:32:54.018Z
Reserved: 2018-09-10T00:00:00
Link: CVE-2018-16805
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-10T23:29:00.253
Modified: 2024-11-21T03:53:23.030
Link: CVE-2018-16805
Redhat
No data.