Description

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

Remediation

References

CVE-2018-20418

Related Vulnerabilities

WordPress Plugin OptionTree Cross-Site Scripting (2.5.3)

MediaWiki Use of Insufficiently Random Values Vulnerability (CVE-2023-22912)

PHP Improper Input Validation Vulnerability (CVE-2015-4604)

Atlassian Jira CVE-2020-36286 Vulnerability (CVE-2020-36286)

WordPress Plugin Sliding Social Icons Cross-Site Request Forgery (1.61)

Severity

Medium

Classification

CVE-2018-20418 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities