CVE-2019-14518

Name of the Vulnerable Software and Affected Versions Evolution CMS versions 2.0.x

Description The issue allows for XSS via a description and new category location in a template. The vendor states that the behavior is consistent with the access policy in the administration panel.

Recommendations For Evolution CMS versions 2.0.x, consider restricting access to template editing features to minimize the risk of exploitation. As a temporary workaround, avoid using user-inputted data in descriptions and new category locations until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.