CVE-2018-1000087

Name of the Vulnerable Software and Affected Versions: WolfCMS version 0.8.3.1

Description: The issue concerns a Reflected Cross Site Scripting vulnerability in the "Create New File" and "Create New Directory" input boxes from the 'files' tab. This can lead to session hijacking, spreading worms, and remote control of the browser. The attack is exploitable by executing JavaScript in the vulnerable input boxes.

Recommendations: For WolfCMS version 0.8.3.1, as a temporary workaround, consider disabling the "Create New File" and "Create New Directory" input boxes from the 'files' tab until a patch is available. Restrict access to these features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.