CVE-2018-25056 LOW

CVE-2018-25056: yolapi metadata.py render_description cross site scripting

Vendor N/A

Product yolapi

Weakness CWE-79 · XSS

Published December 28, 2022

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

December 28, 2022 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25056

Related vulnerabilities

04Related CVE

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS CVE-2024-12077 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' CVE-2021-34656 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat <= 5.2.7 Reflected Cross-Site Scripting CVE-2024-9572 Cross-Site Scripting vulnerability in SOPlanning CVE-2026-34694 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)