CVE-2018-18361
nc-cms (through 2017-03-10) contains a cross-site scripting (XSS) vulnerability in index.php?action=edit_html where the name parameter can inject arbitrary script/HTML via an IMG SRC attribute. This has been documented in CNVD-2018-21238 and related CVE-2018-18361 records, with exploit details in...