CVE-2018-17090:
Stored XSS vulnerability in DonLinkage 6.6.8 affecting the modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php.
Score: 5.4 Medium (a numerical rating that indicates how dangerous this vulnerability is)
Published Date: Sep 16, 2018
CISA KEV Date: No Data
Industries Affected: 20

Threat Predictions
EPSS Score: 0.2
EPSS Percentile: 43%

Exploitability
Score: 2.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED

Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
This is a stored XSS vulnerability in DonLinkage 6.6.8 affecting two PHP modules: /pages/bazy/bazy_adresow.php and /pages/proxy/add.php. Malicious input can be stored on the server and later reflected in responses, enabling arbitrary JavaScript execution in affected users’ browsers. The specific trigger involves closing a textarea and inserting scripted payloads (e.g., ...) within the vulnerable input. Successful exploitation can lead to actions such as session hijacking, credential theft, or defacement, depending on where the stored content is rendered.
Remediation
- Upgrade DonLinkage to a version that includes the fix or apply vendor-provided patches as soon as they are available.
- If upgrading is not feasible, implement server-side input validation and output encoding in the affected modules to sanitize and neutralize user-supplied content before storage and before rendering.
- Enforce a strong Content Security Policy (CSP) to block inline scripts and restrict script sources (e.g., script-src 'self'; disallow unsafe-inline).
- Deploy Web Application Firewall rules to detect and block suspicious payload patterns typical of stored XSS, including sequences that close textareas followed by script tags.
- After applying mitigations, verify remediation by testing with controlled payloads to ensure no executable script can be rendered, and perform a broader security review of the affected code paths for other XSS surfaces.
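The output-encoding and CSP items above, sketched in PHP as an added example; this is not DonLinkage code. The helper names (`h`, `render_textarea`, `send_security_headers`), the field name `notes` and the sample stored value are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not DonLinkage code): encode a stored value for use as
// HTML element content or inside a quoted attribute.
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the function return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical renderer for a form field that redisplays stored text.
// Encoding happens at render time, so rows stored before the fix are covered too.
function render_textarea(string $name, string $stored): string
{
    return sprintf('<textarea name="%s">%s</textarea>', h($name), h($stored));
}

// CSP along the lines of the remediation list: scripts only from the page's own
// origin and no 'unsafe-inline', so an injected inline script is not executed.
// object-src and base-uri are common hardening additions, not from the advisory.
function send_security_headers(): void
{
    header("Content-Security-Policy: script-src 'self'; object-src 'none'; base-uri 'self'");
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample: a stored value that tries to close the textarea early.
// A harmless <b> element stands in for whatever markup would follow.
$stored = "line one\n</textarea><b>markup after the field</b>";

if (PHP_SAPI !== 'cli') {
    send_security_headers();
}
$html = render_textarea('notes', $stored);

// Controlled check: the only closing tag in the output must be the one the
// template wrote; the stored one must appear as inert text (&lt;/textarea&gt;).
if (substr_count($html, '</textarea>') !== 1) {
    throw new RuntimeException('stored value broke out of the textarea');
}
echo $html, PHP_EOL;
```

The same check can be repeated against each page that renders the stored field, since encoding must match every output context where the value appears.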