VYPR
Unrated severityOSV Advisory· Published Mar 18, 2019· Updated Aug 4, 2024

CVE-2019-9094

CVE-2019-9094

Description

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.

Affected products

2
  • Humhub/HumhubOSV2 versions
    v0.11.0, v0.11.1, v0.11.2, …+ 1 more
    • (no CPE)range: v0.11.0, v0.11.1, v0.11.2, …
    • (no CPE)range: =1.3.10

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.