CVE-2018-19465

Name of the Vulnerable Software and Affected Versions Maccms versions through 8.0

Description The issue allows for XSS via the site keywords field to "index.php?m=system-config" because of vulnerabilities in tpl/module/system.php and tpl/html/system config.html, related to template/paody/html/vod index.html.

Recommendations For versions through 8.0, consider restricting access to the site keywords field in the "index.php?m=system-config" endpoint until a patch is available. As a temporary workaround, consider disabling the vulnerable template files, specifically tpl/module/system.php and tpl/html/system config.html, to minimize the risk of exploitation.