PT-2018-14727 · Publiccms · Publiccms

Isecream · Published 2018-11-04 · Updated 2018-12-11 · CVE-2018-18927

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0

Description: An issue in PublicCMS allows cross-site scripting (XSS) by modifying the page_list "attached" attribute. This can be achieved through an SQL statement, such as 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"'.

Recommendations: For PublicCMS version 4.0, update the page_list "attached" attribute to prevent XSS attacks, ensuring that user input is properly sanitized to avoid malicious script execution. As a temporary workaround, consider restricting access to the sys_module table to minimize the risk of exploitation.

XSS

Related Identifiers: CVE-2018-18927

Affected Products: Publiccms