VWE-2018-4666 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2018-4666
This page is a chapter in Info Known Vulnerabilities

This page has been seen 202,034 times.

- Created by
  pegasus
  on October 8, 2018

Common Name None
VWE-ID VWE-2018-4666
Related Report None
Severity LOW
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Phishing. Possible to position user-generated content outside their containers using specially crafted custom sidebar block headings. Does not affect Lite versions.

Discovered September 16, 2018
Resolved October 8, 2018
Patches Available 4.0.24 Patch Level 1
4.0.23 Patch Level 3
4.0.22 Patch Level 5
4.0.21 Patch Level 6
4.0.20 Patch Level 9
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2018-4666
Related Report	None
Severity	LOW
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Phishing. Possible to position user-generated content outside their containers using specially crafted custom sidebar block headings. Does not affect Lite versions.
Discovered	September 16, 2018
Resolved	October 8, 2018
Patches Available	4.0.24 Patch Level 1 4.0.23 Patch Level 3 4.0.22 Patch Level 5 4.0.21 Patch Level 6 4.0.20 Patch Level 9