2 matches found
CVE-2018-19509
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...
CVE-2018-19509
CVE-2018-19509 affects Webgalamb 7.0 (wg7.php) where a templating engine with proper contextual encoding is not used, and htmlspecialchars() is used opportunistically. Root cause: insufficient contextual encoding, allowing insertion of arbitrary strings into the database, which could enable JavaS...