CVE-2018-14388
Joyplus-cms 1.6.0 is vulnerable to cross-site scripting (XSS) via the can_search_device parameter sent to manager/admin_ajax.php. The root cause is unsanitized user input in that parameter, allowing arbitrary script execution in a user’s browser. Multiple sources (NVD, Red Hat, CNVD, CNVD, PRION,...