Vulnerability Details CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.8%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5