logo

Database

Reflected cross-site scripting (XSS) In evolutioncms/evolution

Description

Evolution CMS Cross-site Scripting (XSS) Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the manager/ search parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-166382. NVD-2018-166383. OSV-2018-166384. GCVE-2018-16638

References

1. https://github.com/evolution-cms/evolution/issues/7892. https://github.com/evolution-cms/evolution/commit/b59d1f57be37ab752d65be4bc4d3546c36b694153. https://github.com/security-breachlock/CVE-2018-16638/blob/master/evolution_xss_reflected.pdf

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.