Lucene search
GoogleOSV:GHSA-7MJ4-2984-955FHistoryMay 14, 2022 - 1:57 a.m.
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
2022-05-1401:57:26
Google
osv.dev
1
0.002 Low
EPSS
Percentile
52.1%
A stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image filename field.
| CPE | Name | Operator | Version |
|---|---|---|---|
| alchemy_cms | eq | 4.1.0 |
References
packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html
github.com/AlchemyCMS/alchemy_cms
github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15
github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5
github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21
nvd.nist.gov/vuln/detail/CVE-2018-18307
Related
nvd
nvd
CVE-2018-18307
2018-10-16 22:29:01
packetstorm
packetstorm
Alchemy CMS 4.1-Stable Cross Site Scripting
2018-10-14 00:00:00
cve
cve
CVE-2018-18307
2018-10-16 22:29:01
veracode
veracode
Cross-site Scripting (XSS)
2018-10-16 05:35:52
cvelist
cvelist
CVE-2018-18307
2018-10-16 00:00:00
prion
prion
Cross site scripting
2018-10-16 22:29:00
github
github
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
2022-05-14 01:57:26