Lucene search

CVE-2018-6824

🗓️ 07 Feb 2018 17:01:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 29 Views🌐 WEB

Cozy version 2 XSS vulnerability via /api/proxy UR

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
Prion	Cross site request forgery (csrf)	7 Feb 201817:29	–	prion
NVD	CVE-2018-6824	7 Feb 201817:29	–	nvd
Cvelist	CVE-2018-6824	7 Feb 201817:00	–	cvelist
Veracode	Remote Code Execution (RCE)	12 Dec 201803:59	–	veracode

Nvd

Node

cozy cozyMatch2.0

Source	Link
lynxsecurity	www.lynxsecurity.io/releases/XSS%20to%20Account%20Takeover%20in%20Cozy%20Cloud.pdf

Parameter	Position	Path	Description	CWE
url	query param	/api/proxy	CWE-79: XSS vulnerability allowing execution of JavaScript code leading to administrative access.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Feb 2018 17:29Current

6.1Medium risk

Vulners AI Score6.1

CVSS24.3

CVSS36.1

EPSS0.00233

CWE-79

cozy version 2 xss vulnerability api proxy uri nvd cve-2018-6824