CVE-2018-1999008

Name of the Vulnerable Software and Affected Versions October CMS version prior to build 437

Description The issue is related to a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality. This can be exploited by an authenticated user with media module permission, allowing them to create arbitrary folder names with XSS content.

Recommendations For October CMS version prior to build 437, update to build 437 or later to resolve the issue. As a temporary workaround, consider restricting media module permissions to minimize the risk of exploitation.