CVE-2018-16759

Published September 9th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.

TeamEasy/EasyCMS

cms by thinkphp3.1.3+dwz+bootstrap

GitHub

103