2 matches found
CVE-2018-14936
The Add page option in my little forum 2.4.12 allows XSS via the Title field...
CVE-2018-14936
The CVE-2018-14936 entry relates to my little forum version 2.4.12, where the Add page’s Title field is vulnerable to cross-site scripting (XSS). The underlying issue is lack of proper sanitization/input validation in the Title field, allowing attacker-controlled scripts to execute in a user’s br...