GSA_kwCzR0hTQS04aDI0LTNjanIteHhtaM4AAUIc

Moderate EPSS: 0.00206% (0.43207 Percentile) EPSS:

Permalink JSON

Evolution CMS Stored Cross-site Scripting (XSS)

Affected Packages	Affected Versions	Fixed Versions
packagist:evolutioncms/evolution	>= 1.4, < 1.4.6	1.4.6
0 Dependent packages 0 Dependent repositories 1,600 Downloads total Affected Version Ranges All affected versions 1.4.2, 1.4.3, 1.4.4, 1.4.5 All unaffected versions 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7

Evolution CMS 1.4.x prior to 1.4.6 allows XSS via the page weblink title parameter to the manager/ URI.

References:

Identifiers

GHSA-8h24-3cjr-xxmh

CVE-2018-16637

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00206

EPSS Percentile: 0.43207

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/security-breachlock/CVE-2018-16637

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories