CVE-2018-13001

Sandoba CP:Shop v2016.1 contains a cross-site scripting (XSS) vulnerability in the cpshop/admin.php module. The CVE describes a non-persistent XSS that can be triggered via GET parameters (path, search, rename, or dir) and injected into client-side code. Connected sources corroborate the issue ac...