CVE-2018-18745

Name of the Vulnerable Software and Affected Versions SEMCMS version 3.4

Description A cross-site scripting (XSS) issue was found in the software, specifically during editing operations. The issue is related to the admin/SEMCMS Menu.php endpoint, where the lgid parameter is used. For example, the endpoint /admin/SEMCMS Menu.php?lgid=1 is affected.

Recommendations For SEMCMS version 3.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the admin/SEMCMS Menu.php endpoint to minimize the risk of exploitation. Avoid using the lgid parameter in the affected endpoint until the issue is resolved.