2 matches found
CVE-2018-19905
HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...
CVE-2018-19905
razorCMS 3.4.8 is affected by an HTML injection via the /#/page keywords parameter. The issue concerns the keywords field in that endpoint, enabling arbitrary HTML injection. Remediation hints from PT-2018-15155 suggest restricting access to the /#/page API or stopping use of the keywords paramet...