CVE-2018-18419 – User Management 1.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-18419

18 Oct 2018 — Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. Se ha descubierto Cross-Site Scripting (XSS) persistente en la sección upload de ARDAWAN.COM User Management 1.1, tal y como queda demostrado con un nombre de archivo .jpg en el URI /account. User Management version 1.1 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/149850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •