CVE-2020-18998

Name of the Vulnerable Software and Affected Versions: Blog mini version 1.0

Description: The issue allows remote attackers to execute arbitrary code via the component "/admin/custom/blog-plugin/add". This is a Cross Site Scripting (XSS) issue.

Recommendations: For Blog mini version 1.0, consider disabling access to the "/admin/custom/blog-plugin/add" component until a patch is available. As a temporary workaround, restrict the use of this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.