CVE-2018-1157131.05.2018, 00:29ClipperCMS 1.3.3 allows Session Fixation.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.8 HIGHNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 55%VendorProductVersionclippercmsclippercms1.3.3𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-384 - Session FixationAuthenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.Referenceshttps://github.com/ClipperCMS/ClipperCMS/issues/486https://github.com/ClipperCMS/ClipperCMS/issues/486