Tp5Cms · Tp5Cms · CVE-2018-15566
**Name of the Vulnerable Software and Affected Versions**
tp5cms versions prior to 2017-05-25
**Description**
The issue allows for XSS via the `q` parameter in the "admin.php/article/index.html" API endpoint.
**Recommendations**
For versions prior to 2017-05-25, avoid using the `q` parameter in the "admin.php/article/index.html" endpoint until the issue is resolved.