CVE-2018-25051

Name of the Vulnerable Software and Affected Versions JmPotato Pomash (affected versions not specified)

Description A problematic vulnerability was found in JmPotato Pomash, affecting an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the article.title, content.title, or article.tag arguments leads to cross-site scripting. It is possible to initiate the attack remotely.

Recommendations To fix this issue, it is recommended to apply a patch with the name be1914ef0a6808e00f51618b2de92496a3604415. As a temporary workaround, consider restricting the manipulation of the article.title, content.title, and article.tag arguments to minimize the risk of exploitation.