CVE-2018-11332

Name of the Vulnerable Software and Affected Versions ClipperCMS version 1.3.3

Description A stored cross-site scripting (XSS) issue exists due to improper validation of user input in the "Site Name" field, located in the "site" tab under configurations. This allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the "manager/processors/save settings.processor.php" file.

Recommendations For ClipperCMS version 1.3.3, as a temporary workaround, consider validating and sanitizing all user input for the "Site Name" field to prevent XSS attacks. Restrict access to the "manager/processors/save settings.processor.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.