Vulnerability Details CVE-2019-14518
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/evolution-cms/evolution/issues/1041
- https://github.com/evolution-cms/evolution/issues/1042
- https://github.com/evolution-cms/evolution/issues/1043
- https://github.com/evolution-cms/evolution/issues/1041
- https://github.com/evolution-cms/evolution/issues/1042
- https://github.com/evolution-cms/evolution/issues/1043
Products affected by CVE-2019-14518
-
cpe:2.3:a:modx:evolution_cms:2.0.0