CVE-2018-1000611

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000611

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000611.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000611

Published

2018-07-09T20:29:00Z

Modified

2024-11-21T03:40:13Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL.

References

https://github.com/OpenConext/OpenConext-engineblock/pull/563/files

Affected packages

Git / github.com/openconext/openconext-engineblock

Affected ranges

Type: GIT
Repo: https://github.com/openconext/openconext-engineblock
Events: Introduced

3f0454532a52bcc1eebf2782462e119b02ff9cc4

Last affected

a76e88059ebb6d0110931244575ec6626c5fbcb1