2 matches found
Cross site scripting
The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting XSS. An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies...
CVE-2018-15903
The CVE-2018-15903 vulnerability affects Claromentis Discuss v1.2.1 integrated in Claromentis 8.2.2. It is a stored XSS in the Discuss module that an authenticated, low-privilege user can exploit via the discussion forum on the login landing page to steal high-privilege cookies and hijack an elev...