CVE-2018-7476

Name of the Vulnerable Software and Affected Versions FineCms version 5.3.0

Description The issue concerns a Cross Site Scripting (XSS) problem. It occurs via the id or lid parameter in a "c=linkage,m=import" request to "admin.php". The xss clean protection mechanism is bypassed by specially crafted input that does not contain a '<' or '>' character.

Recommendations For FineCms version 5.3.0, as a temporary workaround, consider restricting access to the "admin.php" endpoint with the "c=linkage,m=import" request to minimize the risk of exploitation. Avoid using the id or lid parameters in this request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.