Opportunistic Use of htmlspecialchars() in wg7.php Leads to XSS Vulnerability
CVE-2018-19509 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.
Learn more about our Web App Pen Testing.