CVE-2018-25331

Name of the Vulnerable Software and Affected Versions Zenar Content Management System (affected versions not specified)

Description Unauthenticated attackers can inject malicious scripts by manipulating form parameters in POST requests. Specifically, script tags can be injected through the current page parameter sent to the 'ajax.php' endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.