CVE-2018-7652
MEDIUMZonemaster Web GUI < 1.0.11 - Cross-Site Scripting in Export.pm
Title source: llmDescription
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/dotse/zonemaster-gui/pull/218
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/dotse/zonemaster-gui/releases/tag/v1.0.11
Patch, Third Party Advisory x_refsource_confirm
https://github.com/dotse/zonemaster-gui/commit/568e8db44930fda4563c1e708a2440909fd8e5fe
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/dotse/zonemaster-gui/issues/217
Scores
CVSS v3
6.1
EPSS
0.0123
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zonemaster/zonemaster_web_gui
< 1.0.11
Published
Mar 04, 2018
Tracked Since
Feb 18, 2026