CVE-2018-19089
on github
Published
Severity
CVSS v3:
5.4 MEDIUM
CVSS v2:
3.5 LOW
Description
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:tianti_project:tianti:2.3:*:*:*:*:*:*:* | n/a | n/a | 2.3 |