CVE-2018-1000611
OpenConext EngineBlock vulnerable in versions 5.7.0–5.7.3 to a Cross Site Scripting (XSS) vulnerability that can inject arbitrary web scripts/HTML into help and login pages when a user opens a specially crafted URL. Root cause details indicate improper handling in the affected UI paths (as descri...