VYPR
Medium severity5.4NVD Advisory· Published Dec 4, 2018· Updated Jun 17, 2026

CVE-2018-11348

CVE-2018-11348

Description

Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.

Affected products

2
  • Yunohost/Yunohostinferred2 versions
    >=2.7.2,<=2.7.14+ 1 more
    • (no CPE)range: >=2.7.2,<=2.7.14
    • (no CPE)range: 2.7.2 - 2.7.14

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.