First published: Mon Dec 24 2018(Updated: )
`index.php?p=admin/actions/entries/save-entry` in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | =3.0.25 | |
composer/craftcms/cms | <=3.0.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20418 is a vulnerability in Craft CMS 3.0.25 that allows for cross-site scripting (XSS) attacks.
CVE-2018-20418 has a severity rating of 4.8 out of 10, which is considered medium.
CVE-2018-20418 allows XSS attacks by allowing an attacker to save a new title from the console tab.
The affected software is Craft CMS 3.0.25.
To fix CVE-2018-20418, upgrade to a version of Craft CMS that is not affected by this vulnerability.