CVE-2018-11571EUVD-2018-359731.05.2018, 00:29ClipperCMS 1.3.3 allows Session Fixation.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary8.8 HIGHNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 54%Affected Products (NVD)VendorProductVersionclippercmsclippercms1.3.3𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-384 - Session FixationAuthenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.Referenceshttps://github.com/ClipperCMS/ClipperCMS/issues/486https://github.com/ClipperCMS/ClipperCMS/issues/486