CVE-2018-20418

Name of the Vulnerable Software and Affected Versions Craft CMS version 3.0.25

Description The issue allows for cross-site scripting (XSS) by saving a new title from the console tab, specifically through the "index.php?p=admin/actions/entries/save-entry" endpoint.

Recommendations For Craft CMS version 3.0.25, as a temporary workaround, consider restricting access to the "index.php?p=admin/actions/entries/save-entry" endpoint until a patch is available. Avoid using this endpoint to save new titles from the console tab until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.