CVE-2018-18209
CVE-2018-18209 affects DiliCMS 2.4.0. A reflected XSS exists via the admin/index.php/setting/site?tab=site_attachment parameter (attachment_type). Underlying issue is input handling that allows HTML/script injection, with potential exposure to sensitive data as described in CNVD-2019-17479 and CN...