In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
CPE | Name | Operator | Version |
---|---|---|---|
codechecker | eq | 4.0 | |
codechecker | eq | 6.1 | |
codechecker | eq | 6.2 | |
codechecker | eq | 6.0 | |
codechecker | eq | 5.7 | |
codechecker | eq | 6.18.0 | |
codechecker | eq | 5.2 | |
codechecker | eq | 5.6 | |
codechecker | eq | 5.10 | |
codechecker | eq | 6.9.1 |