Vulnerability Details CVE-2018-11348
Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2018-11348
-
cpe:2.3:o:yunohost:yunohost:2.7.10
-
cpe:2.3:o:yunohost:yunohost:2.7.11
-
cpe:2.3:o:yunohost:yunohost:2.7.11.1
-
cpe:2.3:o:yunohost:yunohost:2.7.12
-
cpe:2.3:o:yunohost:yunohost:2.7.13
-
cpe:2.3:o:yunohost:yunohost:2.7.13.1
-
cpe:2.3:o:yunohost:yunohost:2.7.13.2
-
cpe:2.3:o:yunohost:yunohost:2.7.13.3
-
cpe:2.3:o:yunohost:yunohost:2.7.13.4
-
cpe:2.3:o:yunohost:yunohost:2.7.13.5
-
cpe:2.3:o:yunohost:yunohost:2.7.13.6
-
cpe:2.3:o:yunohost:yunohost:2.7.14
-
cpe:2.3:o:yunohost:yunohost:2.7.2
-
cpe:2.3:o:yunohost:yunohost:2.7.3
-
cpe:2.3:o:yunohost:yunohost:2.7.4
-
cpe:2.3:o:yunohost:yunohost:2.7.5
-
cpe:2.3:o:yunohost:yunohost:2.7.6
-
cpe:2.3:o:yunohost:yunohost:2.7.6.1
-
cpe:2.3:o:yunohost:yunohost:2.7.7
-
cpe:2.3:o:yunohost:yunohost:2.7.8
-
cpe:2.3:o:yunohost:yunohost:2.7.9