CVE-2018-11680

Name of the Vulnerable Software and Affected Versions CmsEasy version 6.1 20180508

Description A CSRF issue exists in the rich text editor, allowing the addition of an IFRAME element. This could potentially be used in a denial-of-service attack if a referenced remote URL is rapidly refreshed.

Recommendations For CmsEasy version 6.1 20180508, as a temporary workaround, consider disabling the rich text editor until a patch is available. Restrict access to the editor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.