CVE-2018-14380

Опубликовано: 18 июл. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.

Ссылки

https://github.com/Graylog2/graylog2-server/pull/4904
Third Party Advisory
https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6
Patch
Release Notes
Vendor Advisory
https://github.com/Graylog2/graylog2-server/pull/4904
Third Party Advisory
https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6
Patch
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*

Версия до 2.4.6 (исключая)

EPSS

Процентиль: 50%

0.00265

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-14380

CVSS3: 6.1

debian

больше 7 лет назад

In Graylog before 2.4.6, XSS was possible in typeahead components, rel ...

GHSA-38hf-xjmx-jrh8

CVSS3: 6.1

github

больше 3 лет назад

Cross-site Scripting in Graylog Server

EPSS

Процентиль: 50%

0.00265

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79