A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. Manipulation of the argument details leads to cross-site scripting. The CWE classification for the problem is CWE-79. The weakness was published 12/28/2022 as d345e6bc7798bd717a583ec7f545ca387819d5c7. The advisory is shared for download at github.com. This vulnerability is tracked as CVE-2018-25054.

It is possible to launch the attack remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1059.007. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k.

The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.