Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-24T17:00:00
Updated: 2024-08-05T05:40:51.154Z
Reserved: 2018-01-16T00:00:00
Link: CVE-2018-5705
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-24T17:29:00.250
Modified: 2024-11-21T04:09:12.600
Link: CVE-2018-5705
Redhat
No data.