Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label > Value pairs). NOTE: some of these details are obtained from third party information.
Publication date: Fri, 12 Oct 2018 01:50:00 +0000