CVE-2018-18361

Published October 15th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element.

gnat/nc-cms

:bulb: Embeddable, lightweight, simple PHP CMS. Content Management System.

GitHub