CVE-2018-1000516

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000516

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000516.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000516

Aliases

Published

2018-06-26T16:29:01Z

Modified

2025-07-01T05:01:40.139222Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01.

References

https://galaxyproject.org/archive/dev-news-briefs/2015-01-13/#security

Affected packages

Git / github.com/galaxyproject/galaxy

Affected ranges

Type: GIT
Repo: https://github.com/galaxyproject/galaxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1c9aded3b93068f5e364b66434747b63afe2a0e5

Affected versions

v13.*

v13.01

v13.02

v13.04

v13.06

v13.08

v13.11

v14.*

v14.02

v14.04

v14.06

v14.08

v14.10