CVE-2018-19146 - CERT CVE
ID CVE-2018-19146
Sažetak Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Reference
CVSS
Base: 3.5
Impact: 2.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:S/C:N/I:P/A:N
Zadnje važnije ažuriranje 15-07-2021 - 20:43
Objavljeno 17-06-2019 - 20:15