Description CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. Remediation References CVE-2018-20703 Related Vulnerabilities Ruby on Rails Improper Input Validation Vulnerability (CVE-2016-2098) WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.13) Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-25700) Oracle Application Server CVE-2004-1368 Vulnerability (CVE-2004-1368) Trac URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2008-2951) Severity Medium Classification CVE-2018-20703 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities