CVE-2018-20418

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
craftcmscraft_cms
3.0.25
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
https://www.exploit-db.com/exploits/46054/
https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html
https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md
https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
https://www.exploit-db.com/exploits/46054/
https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html