CVE-2018-25051

2022-12-2812:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-25051

jmpotato pomash

cross site scripting

remote attack

security patch

vdb-216957

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

A vulnerability, which was classified as problematic, was found in JmPotato Pomash. This affects an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the argument article.title/content.title/article.tag leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be1914ef0a6808e00f51618b2de92496a3604415. It is recommended to apply a patch to fix this issue. The identifier VDB-216957 was assigned to this vulnerability.

Affected configurations

NVD

Node

pomash_projectpomashRange<2018-12-29

CPENameOperatorVersion
pomash_project:pomashpomash project pomashlt2018-12-29

CPE	Name	Operator	Version
pomash_project:pomash	pomash project pomash	lt	2018-12-29

CNA Affected

[
  {
    "vendor": "JmPotato",
    "product": "Pomash",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]