CVE-2018-25086

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25086
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25086.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-25086
Published
2023-06-01T07:15:08Z
Modified
2025-01-15T01:33:48.668641Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235.

References

Affected packages

Git / github.com/sea75300/fanpresscm3

Affected ranges

Type
GIT
Repo
https://github.com/sea75300/fanpresscm3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

3.*

3.0.3
3.0.4

v3.*

v3.1.1
v3.1.3
v3.1.4
v3.1.5
v3.2.0
v3.3.0
v3.3.1
v3.4.0
v3.4.2
v3.4.3
v3.5.0
v3.5.1
v3.5.1-pl1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3