b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request.
References
Link | Resource |
---|---|
https://github.com/b3log/solo/issues/12489 | Exploit, Issue Tracking, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-20T15:46:52
Updated: 2019-06-20T15:46:52
Reserved: 2018-08-30T00:00:00
Link: CVE-2018-16248
NVD Information
Status: Analyzed
Published: 2019-06-20T16:15:11.133
Modified: 2019-06-21T12:27:09.303
Link: CVE-2018-16248
Redhat Information
No data.
CWE