CVE-2018-10268

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-10268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-10268

Published

2018-04-22T01:29:01.690Z

Modified

2026-03-14T09:27:07.816183Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.

References

https://gitee.com/karson/fastadmin/issues/IJ7YZ

Affected packages

Git / github.com/karsonzhang/fastadmin

Affected ranges

Type

GIT

Repo

https://github.com/karsonzhang/fastadmin

Events

Introduced

Last affected

f035876bfba386bf8ca88d70a2186e40019f2e34

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0.20180417-beta"
        }
    ]
}

Affected versions

v0.*

v0.1.0.20170721_beta

v1.*

v1.0.0.20170808_beta

v1.0.0.20170816_beta

v1.0.0.20170915_beta

v1.0.0.20171026_beta

v1.0.0.20171206_beta

v1.0.0.20180117_beta

v1.0.0.20180119_beta

v1.0.0.20180204_beta

v1.0.0.20180222_beta

v1.0.0.20180308_beta

v1.0.0.20180310_beta

v1.0.0.20180314_beta

v1.0.0.20180327_beta

v1.0.0.20180401_beta

v1.0.0.20180406_beta

v1.0.0.20180417_beta

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10268.json"