CVE-2018-17320
CVE-2018-17320 affects UCMS 1.4.6. The issue is a stored XSS in the aaddpost.php flow, triggered via the sadmin/aindex.php minfo parameter within the sadmin_aaddpost action. The vulnerability allows injection of arbitrary script/HTML by a remote attacker. The reports in connected documents confir...