CVE-2018-12919

In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.
References
Link Resource
https://github.com/lzlzh2016/CraftedWeb/blob/master/xss.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:craftedweb_project:craftedweb:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-27 18:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-12919

Mitre link : CVE-2018-12919

CVE.ORG link : CVE-2018-12919


JSON object : View

Products Affected

craftedweb_project

  • craftedweb
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')