CVE-2018-7198
Published 2018-02-18
CVE-2018-7198: October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
Priority P434 · medium · 6.1 · CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 2.39% (81.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octobercms | october | <= 1.0.431 | — |
| rainlab | blog-plugin | >= 0 < 1.4.1 | 1.4.1 |
CVSS provenance
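| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |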
OSV
October CMS - RainLab Blog Plugin XSS
osv·2022-05-13
CVE-2018-7198 [MEDIUM] October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
GHSA
October CMS - RainLab Blog Plugin XSS
ghsa·2022-05-13
CVE-2018-7198 [MEDIUM] CWE-79 October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.