XSS in Zend Zendto

CVE-2018-1000841

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear t…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (48.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2018-1000841?
CVE-2018-1000841 is a medium-severity vulnerability in Zend Zendto, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2018-12-20.
How severe is CVE-2018-1000841?
Medium severity. CVSS v3 base score is 6.1 out of 10.