CVE-2018-18943
Summary: baserCMS before 4.1.4 is affected by a Cross-Site Scripting (XSS) vulnerability in the Register New Category feature of the Upload menu. The category name can be injected via the data[UploaderCategory][name] parameter to the admin/uploader/uploader_categories/edit URI. Impact/Remediation...