Description
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. It affects the Dashboard. Manipulating the argument title with the input Home</title><script>alert("home")</script><title> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
Affected products
- unspecified / automad 1.10.0 – 1.10.0
- unspecified / automad 1.10.1 – 1.10.1
- unspecified / automad 1.10.2 – 1.10.2
- unspecified / automad 1.10.3 – 1.10.3
- unspecified / automad 1.10.4 – 1.10.4
- unspecified / automad 1.10.5 – 1.10.5
- unspecified / automad 1.10.6 – 1.10.6
- unspecified / automad 1.10.7 – 1.10.7
- unspecified / automad 1.10.8 – 1.10.8
- unspecified / automad 1.10.9 – 1.10.9