CVE-2018-7198: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2022 (updated October 3, 2023)

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

References

securitywarrior9.blogspot.com/2018/02/html-injection-october-cms.html
github.com/advisories/GHSA-96mh-7xpr-qcgw
github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94
nvd.nist.gov/vuln/detail/CVE-2018-7198
www.exploit-db.com/exploits/44144/

Detect and mitigate CVE-2018-7198 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →