CVE-2018-10268

MEDIUM

FastAdmin V1.0.0.20180417_beta - XSS

Title source: llm

Description

An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.

Exploits (1)

gitee 6,913 stars
by karson · phpwriteup
https://gitee.com/karson/fastadmin/issues/IJ7YZ

References (1)

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 42.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
fastadmin/fastadmin 1.0.0.20180417 beta
Published Apr 22, 2018
Tracked Since Feb 18, 2026