CVE-2018-25055

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-25055
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25055.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-25055
Published
2022-12-28T12:15:08.820Z
Modified
2026-04-02T01:23:30.344914Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is b8f3d61511c9b02b781ec442bfb803cbff8e08d5. It is recommended to upgrade the affected component. The identifier VDB-216961 was assigned to this vulnerability.

References

Affected packages

Git / github.com/jeffcoughlin/farcrysolrpro

Affected ranges

Type
GIT
Repo
https://github.com/jeffcoughlin/farcrysolrpro
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c6e2115abeb7e74cb8dd8ed6641ecd8f13356aac
Fixed
b8f3d61511c9b02b781ec442bfb803cbff8e08d5
Fixed
b96b2678cf75546e505eca27f7435cef3c0f6846
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0"
        }
    ]
}

Affected versions

0.*
0.0.2
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.2.0
1.2.1
1.2.10
1.2.11
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.5.0
Other
alpha
private-beta

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25055.json"