CVE-2018-7547

Name of the Vulnerable Software and Affected Versions lyadmin versions 1.x

Description The issue allows for XSS via the config[WEB SITE TITLE] parameter to the "/admin.php?s=/admin/config/groupsave.html" API endpoint.

Recommendations For lyadmin version 1.x, update to a version that fixes this issue, however at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/admin.php?s=/admin/config/groupsave.html" endpoint and avoid using the config[WEB SITE TITLE] parameter until the issue is resolved.