CVE-2018-7663 in Voten.coinfo

Summary

An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript that is executed upon viewing the attacker's profile.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

03/04/2018

Disclosure

03/05/2018

Moderation

VulDB entry created

Entries

1: VDB-114093

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

6.6

EPSS

0.00240

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-7663
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-7663
CVE Details	https://www.cvedetails.com/cve/CVE-2018-7663/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!