CVE-2018-11352 Information

Description

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.bishopfox.com/news/2018/09/wallabag-2-2-3-to-2-3-2-stored-cross-site-scripting/

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.0