Medium severity6.1NVD Advisory· Published Mar 21, 2019· Updated Jun 17, 2026
CVE-2018-19509
CVE-2018-19509
Description
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2019/Jan/15nvdExploitMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.