CVE-2018-1000842

Name: CVE-2018-1000842
Creator: NVD / NIST
Published: 2018-12-20T15:29:01.953+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 1.69%

Last modified Jun 17, 2026

CVE-2018-1000842 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. EPSS estimates a 1.69% chance of exploitation in the next 30 days.

Description

FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

1.69%

74.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Fatfreecrm	Fatfreecrm	<= 0.14.1
Fatfreecrm	Fatfreecrm	>= 0.15.0, <= 0.15.1
Fatfreecrm	Fatfreecrm	>= 0.16.0, <= 0.16.3
Fatfreecrm	Fatfreecrm	>= 0.17.0, <= 0.17.2
Fatfreecrm	Fatfreecrm	0.18.0

References

https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfaPatch
https://github.com/asteinhauser/fat_free_crm/issues/1Third Party Advisory
https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29Patch, Third Party Advisory
https://groups.google.com/forum/#%21topic/fat-free-crm-users/TxsdZXSe7Jc
https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfaPatch
https://github.com/asteinhauser/fat_free_crm/issues/1Third Party Advisory
https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29Patch, Third Party Advisory
https://groups.google.com/forum/#%21topic/fat-free-crm-users/TxsdZXSe7Jc

Timeline

Published: Dec 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000842?

How severe is CVE-2018-1000842?

CVE-2018-1000842 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 1.69% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000842?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000842?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST