CVE-2018-14380
NONE EPSS 57.8%
Published Jul 18, 20187y ago · Modified Jun 17, 20262w ago
Published Jul 18, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
Threat Intelligence
EPSS Exploit Probability
57.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| graylog | graylog | * | <2.4.6 |
References 2
- github.com https://github.com/Graylog2/graylog2-server/pull/4904
- graylog.org https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6
Remediation
- graylog.org https://www.graylog.org/post/announcing-the-release-of-graylog-2-4-6