CVE-2018-19083

Name of the Vulnerable Software and Affected Versions WeCenter versions 3.2.0 through 3.2.2

Description The issue concerns a problem with the htmlspecialchars decode function in the views/default/question/index.tpl.html file. This is exploited via the "/?/publish/ajax/publish question/" API endpoint, specifically through the question content parameter.

Recommendations For WeCenter versions 3.2.0 through 3.2.2, as a temporary workaround, consider restricting access to the /publish/ajax/publish question/ API endpoint until a patch is available. Avoid using the question content parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.