CVE-2018-20837

Name of the Vulnerable Software and Affected Versions: Typesetter version 5.1

Description: The issue concerns an XSS vulnerability in the include/admin/Menu/Ajax.php file. Specifically, it affects the "index.php/Admin/Menu/Ajax?cmd=AddHidden" endpoint, where the title parameter is vulnerable to XSS attacks.

Recommendations: For Typesetter version 5.1, consider restricting access to the vulnerable "index.php/Admin/Menu/Ajax" endpoint until a patch is available. As a temporary workaround, avoid using the cmd=AddHidden parameter in this endpoint to minimize the risk of exploitation.