CVE-2018-1000529

MEDIUM

Grails Fields <2.2.8 - XSS

Title source: llm

Description

Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.

Exploits (1)

nomisec WORKING POC

by martinfrancois · poc

https://github.com/martinfrancois/CVE-2018-1000529

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/grails-fields-plugin/grails-fields/issues/278

[Third Party Advisory] https://github.com/martinfrancois/CVE-2018-1000529

Scores

CVSS v3 6.1

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

grails/grails_fields 2.2.7

org.grails/grails-core 0 - 3.3.6Maven

org.grails.plugins/fields 0 - 2.2.8Maven

Published Jun 26, 2018

Tracked Since Feb 18, 2026