CVE-2018-18909
The CVE-2018-18909 entry applies to xhEditor (version 1.2.2). The underlying issue is a cross-site scripting (XSS) vulnerability: an attacker can inject JavaScript code in the SRC attribute of an IFRAME element within the editor’s source-code view. This is evidenced by multiple connected records ...