CVE-2018-3748 Information

Description

There is a Stored XSS vulnerability in the glance node module versions = 3.0.5. File name which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in a element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://hackerone.com/reports/310133

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1