First published: Fri Sep 28 2018
The Image Import function in XWiki through 10.7 has XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.xwiki.platform:xwiki-platform | <=10.7 | |
Xwiki | <=10.7 | |
CVE-2018-16277 is classified as a moderate severity vulnerability due to its potential for cross-site scripting (XSS).
To fix CVE-2018-16277, upgrade to XWiki version 10.8 or later to eliminate the XSS vulnerability in the Image Import function.
CVE-2018-16277 affects all XWiki versions up to and including 10.7.
CVE-2018-16277 can be exploited to perform cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into web pages.
It is recommended to review and implement additional security practices to safeguard against future vulnerabilities, even after fixing CVE-2018-16277.