XSS in Zend Zendto
CVE-2018-1000841
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear t…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (48.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Zend Zendto
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC, Release Notes, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-1000841?
- CVE-2018-1000841 is a medium-severity vulnerability in Zend Zendto, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2018-12-20.
- How severe is CVE-2018-1000841?
- Medium severity. CVSS v3 base score is 6.1 out of 10.