CVE-2018-3748 in Glanceinformazioni

Riassunto

di MITRE

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

28/12/2017

Divulgazione

03/07/2018

Moderazione

accettato

Voce

VDB-120271

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

6.1 (NVD)

EPSS

0.00759

KEV

Attività

molto basso

Settore

Hostingprovider, Finance, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-3748
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-3748
CVE Details	https://www.cvedetails.com/cve/CVE-2018-3748/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!