{"id":"CVE-2018-16316","details":"A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.","modified":"2026-04-10T04:06:44.468435Z","published":"2018-09-01T18:29:00.803Z","references":[{"type":"FIX","url":"https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/portainer/portainer","events":[{"introduced":"0"},{"last_affected":"e94a725a8a9a9246011aa1596795df4a8b864973"},{"fixed":"1ad150c99460a35224d6adfe48ddda9ee056b7d2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.19.1"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.10.0","1.10.1","1.10.2","1.11.0","1.11.1","1.11.2","1.11.4","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.14.0","1.14.1","1.14.2","1.14.3","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.15.5","1.16.0","1.16.1","1.16.2","1.16.3","1.16.4","1.16.5","1.17.0","1.17.1","1.18.0","1.18.1","1.19.0","1.19.1","1.2.0","1.3.0","1.5.0","1.6.0","1.7.0","1.8.0","1.8.1","1.9.0","1.9.1","1.9.2","1.9.3","v0.5","v0.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16316.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}