CVE-2018-17572 — Cross-site Scripting in Influxdata Influxdb

CWE-79 — Cross-site Scripting9 documents6 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 44.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Influxdata Influxdb Github.com Influxdata Influxdb Debian Influxdb

Timeline

PublishedMar 2

Latest updateMay 24

Description

InfluxDB 0.9.5 has Reflected XSS in the Write Data module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶Gogithub.com/influxdata_influxdb< 0.9.6

▶Debianinfluxdata/influxdb< 0.9.6.1+dfsg1-1+3

▶NVDinfluxdata/influxdb0.9.5

▶debiandebian/influxdb< influxdb 0.9.6.1+dfsg1-1 (bookworm)

🔴Vulnerability Details

GHSA

InfluxDB Reflected Cross-site Scripting↗2022-05-24

▶

OSV

InfluxDB Reflected Cross-site Scripting↗2022-05-24

▶

OSV

CVE-2018-17572: InfluxDB 0↗2020-03-02

▶

📋Vendor Advisories

Debian

CVE-2018-17572: influxdb - InfluxDB 0.9.5 has Reflected XSS in the Write Data module.↗2018

▶

Red Hat

influxdb: Reflected cross-site-scripting in the Write Data module↗2015-12-08

▶

💬Community

Bugzilla

CVE-2018-17572 golang-github-influxdb-influxdb: influxdb: Reflected cross-site-scripting in the Write Data module [epel-6]↗2020-03-11

▶

Bugzilla

CVE-2018-17572 golang-github-influxdb-influxdb: influxdb: Reflected cross-site-scripting in the Write Data module [fedora-30]↗2020-03-11

▶

Bugzilla

CVE-2018-17572 influxdb: Reflected cross-site-scripting in the Write Data module↗2020-03-09

▶