CVE-2018-16298

An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request...

CVE-2018-16298

MiniCMS 1.10 is affected by a cross-site scripting (XSS) vulnerability in the admin endpoint mc-admin/post.php?tag= where requests with state=delete, state=draft, or state=publish can inject script or HTML. The flaw is triggered via the tag parameter and is present in the public CVE entries acros...