VYPR
Unrated severityNVD Advisory· Published Nov 11, 2018· Updated Sep 16, 2024

CVE-2018-19170

CVE-2018-19170

Description

In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.

Affected products

2
  • Jpressprojects/Jpressinferred2 versions
    = 1.0-rc.5+ 1 more
    • (no CPE)range: = 1.0-rc.5
    • (no CPE)range: = v1.0-rc.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.