PT-2018-17944 · Rainlab+1 · Rainlab Blog Plugin+1

Samrat Das · Published 2018-02-18 · Updated 2022-05-13 · CVE-2018-7198

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

October CMS versions through 1.0.431
The RainLab Blog Plugin used in October CMS versions through 1.0.431

Description

The issue allows for XSS by entering HTML on the Add Posts page. This can be exploited through the RainLab Blog Plugin.

Recommendations

For October CMS versions through 1.0.431, update to a version that includes a fix for this issue. For the RainLab Blog Plugin used in October CMS versions through 1.0.431, consider disabling the plugin until a patch is available.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-7198
GHSA-96MH-7XPR-QCGW

Affected Products

October CMS
Rainlab Blog Plugin