CVE-2018-17086

Name of the Vulnerable Software and Affected Versions OTCMS version 3.61

Description A security issue was found in OTCMS, where a cross-site scripting (XSS) attack can be executed. This issue is located in the admin/share switch.php file and is triggered by the fieldName, fieldName2, and tabName parameters.

Recommendations For OTCMS version 3.61, consider restricting access to the admin/share switch.php file until a patch is available. As a temporary workaround, avoid using the fieldName, fieldName2, and tabName parameters in the affected file to minimize the risk of exploitation.