CVE-2018-14973

Name of the Vulnerable Software and Affected Versions QCMS version 3.0.1

Description An issue was discovered in the upload/System/Controller/backend/product.php file, which has a Cross-Site Scripting (XSS) issue.

Recommendations For QCMS version 3.0.1, consider restricting access to the upload/System/Controller/backend/product.php file until a patch is available. As a temporary workaround, avoid using the product.php file in the backend to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.