CVE-2018-18635
MEDIUMMailCleaner 2018.08-2018.09 - Cross-Site Scripting via Admin Login PATH_INFO
Title source: llmDescription
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/MailCleaner/MailCleaner/issues/53
Patch, Third Party Advisory x_refsource_misc
https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8
Scores
CVSS v3
6.1
EPSS
0.0095
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
mailcleaner/mailcleaner
2018.08
mailcleaner/mailcleaner
2018.09
Published
Oct 24, 2018
Tracked Since
Feb 18, 2026