Lucene search

K

GoogleOSV:GHSA-8H24-3CJR-XXMH

HistoryMay 14, 2022 - 1:31 a.m.

Evolution CMS Stored Cross-site Scripting (XSS)

2022-05-1401:31:07

Google

osv.dev

6

evolution cms

1.4.x

stored xss

page weblink title

security vulnerability

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

24.8%

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI.

References

github.com/evolution-cms/evolution

github.com/evolution-cms/evolution/commit/2b8aaa6224997155de0fe9440ad106bd98dc4f4b

github.com/evolution-cms/evolution/issues/788

github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf

nvd.nist.gov/vuln/detail/CVE-2018-16637

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

24.8%

Related for OSV:GHSA-8H24-3CJR-XXMH

osv1 cve1 nvd1 prion1 cvelist1 github1