CVE-2018-1000084

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000084

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000084.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000084

Published

2018-03-13T15:29:01.067Z

Modified

2026-03-14T09:25:41.341826Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .

References

https://github.com/wolfcms/wolfcms/issues/667

Affected packages

Git / github.com/wolfcms/wolfcms

Affected ranges

Type

GIT

Repo

https://github.com/wolfcms/wolfcms

Events

Introduced

Last affected

1b5a6c701b781a632e1364d6865946ee94a9002a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.8.3.1"
        }
    ]
}

Affected versions

0.*

0.7.0

0.7.1

0.7.2

0.7.3

0.7.5

0.7.5-sp1

0.7.6

0.7.7

0.7.8

0.8.0

0.8.1

0.8.2

0.8.3

0.8.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000084.json"