CVE-2018-0603 — Cross-site Scripting in Site Reviews

CWE-79 — Cross-site Scripting6 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Geminilabs Site Reviews Gemini Labs Site Reviews

Timeline

PublishedJun 26

Latest updateMay 14

Description

Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDgeminilabs/site_reviews< 2.15.3

▶CVEListV5gemini_labs/site_reviewsprior to version 2.15.3

🔴Vulnerability Details

GHSA

GHSA-46rm-6xmg-3mgq: Cross-site scripting vulnerability in Site Reviews versions prior to 2↗2022-05-14

▶

CVEList

CVE-2018-0603: Cross-site scripting vulnerability in Site Reviews versions prior to 2↗2018-06-26

▶

💥Exploits & PoCs

Exploit-DB

GreenCMS 2.3.0603 - Information Disclosure↗2018-06-22

▶

Exploit-DB

GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution↗2018-06-03

▶

Exploit-DB

GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)↗2018-06-03

▶