In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.
References
Link | Resource |
---|---|
https://github.com/b3log/solo/issues/12501 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T23:00:00
Updated: 2018-09-10T23:57:01
Reserved: 2018-09-10T00:00:00
Link: CVE-2018-16805
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-10T23:29:00.253
Modified: 2018-11-09T16:06:07.057
Link: CVE-2018-16805
JSON object: View
Redhat Information
No data.
CWE