CVE-2018-11651

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
01/06/2018
Last modified:
27/06/2018

Description

Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:* 2.4.4 (excluding)