3 matches found
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
CVE-2018-16248
CVE-2018-16248 affects b3log Solo 2.9.3. An XSS flaw exists in the Input page under the “Publish Articles” menu, where the articleTags field stored in the tag JSON enables an admin-authenticated HTTP request to inject arbitrary scripts via a crafted site name. The vulnerability is caused by insuf...