CVE-2018-25050

🗓️ 28 Dec 2022 09:04:39Reported by VulDBType

Vulnerability in Harvest Chosen up to 1.8.6 allows remote attackers to conduct cross-site scripting via manipulation of the group_label argument in abstract-chosen.coffee file

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2018-25050	28 Dec 202212:12	–	circl
CNNVD	Harvest Chosen 跨站脚本漏洞	28 Dec 202200:00	–	cnnvd
Cvelist	CVE-2018-25050 Harvest Chosen abstract-chosen.coffee AbstractChosen cross site scripting	28 Dec 202209:04	–	cvelist
EUVD	EUVD-2022-7770	3 Oct 202520:07	–	euvd
Github Security Blog	Harvest Chosen vulnerable to Cross-site Scripting	28 Dec 202212:30	–	github
Tenable Nessus	Nessus Network Monitor < 6.3.0 Multiple Vulnerabilities (TNS-2023-34)	26 Oct 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2018-25050	10 Sep 202500:00	–	nessus
NVD	CVE-2018-25050	28 Dec 202210:15	–	nvd
OpenVAS	Tenable Nessus Network Monitor < 6.3.0 Multiple Vulnerabilities (TNS-2023-34)	27 Oct 202300:00	–	openvas
OSV	GHSA-X5Q4-M45M-FM94 Harvest Chosen vulnerable to Cross-site Scripting	28 Dec 202212:30	–	osv

NVD

Vulners

Node

getharvest chosenRange<1.8.7

[
  {
    "vendor": "Harvest",
    "product": "Chosen",
    "versions": [
      {
        "version": "1.8.0",
        "status": "affected"
      },
      {
        "version": "1.8.1",
        "status": "affected"
      },
      {
        "version": "1.8.2",
        "status": "affected"
      },
      {
        "version": "1.8.3",
        "status": "affected"
      },
      {
        "version": "1.8.4",
        "status": "affected"
      },
      {
        "version": "1.8.5",
        "status": "affected"
      },
      {
        "version": "1.8.6",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/harvesthq/chosen/pull/2997
github	www.github.com/harvesthq/chosen/commit/77fd031d541e77510268d1041ed37798fdd1017e
github	www.github.com/harvesthq/chosen/releases/tag/v1.8.7
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

21 Nov 2024 04:03Current

5Medium risk

Vulners AI Score5

CVSS 3.13.5 - 6.1

CVSS 33.5

EPSS0.00517

SSVC

CWE-79