CVE-2018-17086
OTCMS 3.61 is affected by CVE-2018-17086: a cross-site scripting (XSS) vulnerability in admin/share_switch.php exploitable via the fieldName, fieldName2, and tabName parameters. The root cause is likely insufficient input sanitization in these parameters, enabling injection of arbitrary HTML/JS. ...