CVE-2018-18717
CVE-2018-18717 affects Eleanor CMS up to 2015-03-19. It is an XSS vulnerability exploitable through the AJAX endpoint ajax.php?direct=admin&file=autocomplete&query=[XSS] where the attacker-controlled query is reflected in the response. NVD lists CVSSv2 base 3.5 (LOW) and CVSSv3 base 4.8 (MEDIUM)....