PT-2023-10826 · Sea75300 · Fanpress Cm

Published: 2023-06-01 · Updated: 2024-05-17 · CVE-2018-25086

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

sea75300 FanPress CM versions up to 3.6.3

Description

A vulnerability was found in the Template Preview component, specifically affecting the getArticlesPreview function of the file inc/controller/action/system/templatepreview.php. This issue leads to cross-site scripting and can be initiated remotely.

Recommendations

For versions up to 3.6.3, upgrade to version 3.6.4 to address this issue. As a temporary workaround, consider disabling the getArticlesPreview function until the patch is applied. Restrict access to the vulnerable templatepreview.php file to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-25086

Affected Products

Fanpress Cm