CVE-2018-18548: Cross-site Scripting

October 24, 2018 (updated December 6, 2018)

ajenticp has XSS via a filename that is mishandled in File Manager.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18548
cwe.mitre.org/data/definitions/79.html
numanozdemir.com/ajenti-xss.txt
www.exploit-db.com/exploits/45691/

Detect and mitigate CVE-2018-18548 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →