{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-18307","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-08-29T15:03:47.555Z","dateReserved":"2018-10-14T00:00:00.000Z","datePublished":"2018-10-16T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-08-29T15:03:47.555Z"},"descriptions":[{"lang":"en","value":"A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: \"The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized.\""}],"tags":["disputed"],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html"},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5"},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21"},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15"},{"url":"https://www.exploit-db.com/exploits/45601"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}],"datePublic":"2018-10-14T00:00:00.000Z"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T11:08:21.370Z"},"title":"CVE Program Container","references":[{"url":"http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html","tags":["x_transferred"]},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5","tags":["x_transferred"]},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21","tags":["x_transferred"]},{"url":"https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}