cve/2018/CVE-2018-20418.md

CVE-2018-20418

Description

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

POC

Reference

• https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
• https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
• https://www.exploit-db.com/exploits/46054/
• https://www.exploit-db.com/exploits/46054/

Github

• https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting