CVE-2018-17034
UCMS 1.4.6 contains a Cross-Site Scripting (XSS) vulnerability controllable via the mysql_dbname parameter in install/index.php. Multiple connected sources (NVD entry CVE-2018-17034 and CNVD/CVE listings) confirm an XSS flaw capable of injecting arbitrary scripts/HTML in affected users’ browsers....