Advisories for Composer/Evolutioncms/Evolution package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.

2018

Cross-site Scripting

Evolution CMS allows XSS via the page weblink title parameter to the manager/ URI.

Cross-site Scripting

Evolution CMS allows XSS via the manager/ search parameter.