MEDIUM · 4.0

CVE-2018-11352


Vulnerability Description

Wallabag versions 2.2.3 to 2.3.2 are affected by a stored cross-site scripting (XSS) vulnerability in the configuration page. A JavaScript payload stored there executes each time an administrator visits the configuration page. Exploitation requires authentication, and the vulnerability can be used to target administrators and steal their sessions.

CVSS Score

4.0 MEDIUM

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Wallabag | Wallabag | >= 2.2.3, <= 2.3.2

Related Weaknesses (CWE)

References
