CVE-2018-14974
CVE-2018-14974 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/news.php. CNVD describes remote exploitation to inject arbitrary script/HTML; CVSS3 base score 4.8 (MEDIUM). No remediation details provided in the supplied documents.