wg7.php in Webgalamb 7.0 makes... CVE-2018-19509

4.3 AV AC AU C I A
发布: 2019-03-21
修订: 2019-03-21

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.

0%

漏洞利用/PoC

当前有1条漏洞利用/PoC

受影响的平台与产品

当前有1条受影响产品信息