Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS

Posted by preethiknambiar on Feb 201. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7274

2. Technical Description

There are multiple Persistent XSS vulnerabilities in Quarx Content Management System. These vulnerabilities exists
due…

Link: http://seclists.org/bugtraq/2018/Feb/53