2 matches found
CVE-2018-16248
CVE-2018-16248 affects b3log Solo 2.9.3. An XSS flaw exists in the Input page under the “Publish Articles” menu, where the articleTags field stored in the tag JSON enables an admin-authenticated HTTP request to inject arbitrary scripts via a crafted site name. The vulnerability is caused by insuf...
CVE-2018-16805
In CVE-2018-16805, the affected software is b3log Solo 2.9.3. The vulnerability is a cross-site scripting (XSS) flaw on the Input page under Publish Articles, where an ID named linkAddress stored in the link JSON field can be exploited to inject arbitrary Web scripts or HTML via a crafted site na...