CVE-2018-14380

NONE EPSS 57.8%
Published Jul 18, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.

Threat Intelligence

EPSS Exploit Probability
57.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor   Product   Version   Range
graylog  graylog   *         <2.4.6

References 2

  • github.com https://github.com/Graylog2/graylog2-server/pull/4904
    Third Party Advisory
  • graylog.org https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6
    Patch, Release Notes, Vendor Advisory

Remediation

  • graylog.org https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6
    Patch, Release Notes, Vendor Advisory