CVE-2018-18307.yml
---
gem: alchemy_cms
cve: 2018-18307
ghsa: 7mj4-2984-955f
url: https://nvd.nist.gov/vuln/detail/CVE-2018-18307
title: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
date: 2022-05-14
description: |
  A stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS
  via the /admin/pictures image filename field.
cvss_v3: 5.9
unaffected_versions:
  - "< 4.1.0"
patched_versions:
  - ">= 7.4.10"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-18307
    - http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html
    - https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15
    - https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5
    - https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21
    - https://github.com/AlchemyCMS/alchemy_cms/pull/3375
    - https://github.com/AlchemyCMS/alchemy_cms/releases/tag/v7.4.10
    - https://github.com/advisories/GHSA-7mj4-2984-955f