{"id":"CVE-2018-14481","details":"Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.","modified":"2026-04-02T00:41:27.735310Z","published":"2019-01-03T19:29:00.430Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/osclass/osclass","events":[{"introduced":"0"},{"last_affected":"cbf31336888fc3e5f730ea8b35e4d06610b87935"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.7.4"}]}}],"versions":["v1.1","v2.0","v2.0.1","v2.0.2","v2.0.3","v2.1","v2.1.1","v2.2","v2.2.1","v2.2.2","v2.2.3","v2.3","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.4","v2.4.1","v3.0","v3.0.1","v3.0.2","v3.1","v3.1.1","v3.1.2","v3.2.0","v3.2.1","v3.2.2","v3.3.0","v3.3.1","v3.4.0","v3.4.1","v3.4.2","v3.4.3","v3.5.0","v3.5.1","v3.5.2","v3.5.3","v3.5.4","v3.5.5","v3.5.6","v3.5.7","v3.5.9","v3.6.0","v3.6.1","v3.7.0","v3.7.1","v3.7.3","v3.7.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}