CVE-2018-25053 MEDIUM

CVE-2018-25053: moappi Json2html json2html.js cross site scripting

Vendor Moappi
Product Json2html
Weakness CWE-79 · XSS
Published December 28, 2022
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959.

Key dates

02Disclosure timeline

December 28, 2022 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection CVE-2025-32527 WordPress T&P Gallery Slider plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-24574 WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-2735 Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-1234 XSS in livehelperchat in livehelperchat/livehelperchat