Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-25056
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-28 Dec, 2022 | 11:32
Updated At-01 Jan, 1000 | 00:00
Rejected At-
▼CVE Numbering Authority (CNA)
yolapi metadata.py render_description cross site scripting

A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability.

Affected Products
Vendor
n/a
Product
yolapi
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross Site Scripting
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.03.5LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Advisory disclosed2022-12-28 00:00:00
VulDB entry created2022-12-28 01:00:00
VulDB last update2022-12-28 12:37:52
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.216966
vdb-entry
technical-description
https://vuldb.com/?ctiid.216966
signature
permissions-required
https://github.com/yola/yolapi/commit/a0fe129055a99f429133a5c40cb13b44611ff796
patch
Details not found