What is CVE-2018-8046?

CVE-2018-8046 is a vulnerability in N/a. Published 2018-07-05.

Is CVE-2018-8046 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-8046

The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is corr…

EPSS: 0.670 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Ostorlab/KEV

References

examples.sencha.com/extjs/6.6.0/release-notes.html (x_refsource_CONFIRM)
20180702 XSS in Sencha Ext JS 4 to 6 (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2018-8046?: CVE-2018-8046 is a vulnerability in N/a. Published 2018-07-05.
Is CVE-2018-8046 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.