XSS Vulnerability in Chevereto Free Prior to 1.0.13
CVE-2018-12030

5.4MEDIUM

Key Information:

Vendor

Chevereto

Status
Vendor
CVE Published:
15 June 2018

What is CVE-2018-12030?

Chevereto Free versions prior to 1.0.13 exhibit a Cross-Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages viewed by other users. Successful exploitation could lead to session hijacking, defacement, or redirecting users to malicious sites. It is crucial for users of affected versions to upgrade to the latest release to safeguard their applications.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.