CVE-2018-7746

Name of the Vulnerable Software and Affected Versions: Western Bridge Cobub Razor version 0.7.2

Description: An issue was discovered where authentication is not required for the "/index.php?/manage/channel/modifychannel" API endpoint. This allows for stored XSS to be triggered during a later "/index.php?/manage/channel" request by an admin, for example, with a crafted channel name.

Recommendations: For Western Bridge Cobub Razor version 0.7.2, as a temporary workaround, consider restricting access to the "/index.php?/manage/channel/modifychannel" API endpoint to require authentication. Additionally, restrict the use of crafted channel names to minimize the risk of stored XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.