Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-24T17:00:00

Updated: 2024-08-05T05:40:51.154Z

Reserved: 2018-01-16T00:00:00

Link: CVE-2018-5705

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-24T17:29:00.250

Modified: 2024-11-21T04:09:12.600

Link: CVE-2018-5705

cve-icon Redhat

No data.