logo

Database

Server side cross-site scripting In evolutioncms/evolution

Description

Evolution CMS Stored Cross-site Scripting (XSS) Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-166372. NVD-2018-166373. OSV-2018-166374. GCVE-2018-16637

References

1. https://github.com/evolution-cms/evolution/issues/7882. https://github.com/evolution-cms/evolution/commit/2b8aaa6224997155de0fe9440ad106bd98dc4f4b3. https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.