Stored XSS Vulnerability in JPress v1.0-rc.5 via starter-tomcat-1.0/admin/setting URI

CVE-2018-19170 · LOW Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.
