Vulnerabilities

CVE-2018-19509

by Fred · 17/03/2019

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.

Date published : 2019-03-17

http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html

http://seclists.org/fulldisclosure/2019/Jan/15

Similar

Tags: Cybersecurity Alert