CVE-2018-17049
CVE-2018-17049 affects CQU-LANKERS up to 2017-11-02. Vulnerability: cross-site scripting (XSS) via the public/api.php callback parameter in the uploadpic action. Root cause: unsanitized callback parameter leading to script injection. Impact: enables injection of client-side scripts (as documented...