VYPR
Unrated severity · OSV Advisory · Published Mar 13, 2018 · Updated Aug 5, 2024

CVE-2018-1000087


Description

WolfCMS version 0.8.3.1 contains a reflected Cross-Site Scripting vulnerability in the "Create New File" and "Create New Directory" input boxes of the 'files' tab that can result in session hijacking, spreading worms, and remote control of the browser. The attack appears to be exploitable by an attacker executing JavaScript through the "Create New File" and "Create New Directory" input boxes of the 'files' tab.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WolfCMS 0.8.3.1 has reflected XSS in file creation input boxes, allowing session hijacking and remote control.

Vulnerability

WolfCMS version 0.8.3.1 contains a reflected Cross-Site Scripting vulnerability in the 'Create New File' and 'Create New Directory' input boxes within the 'files' Tab. The application fails to sanitize user input in these fields, allowing injection of arbitrary JavaScript. This flaw exists in the stable release as confirmed by the reporter [1].

Exploitation

An attacker can craft a malicious URL containing a JavaScript payload (e.g., ``) in the vulnerable input parameter. The victim must be tricked into clicking the crafted link, which then executes the script in the context of the WolfCMS session. No authentication is required for the attacker to deliver the payload [1].

Impact

Successful exploitation enables the attacker to hijack user sessions, spread worms, and remotely control the victim's browser. This can lead to information disclosure, unauthorized actions, and potential compromise of the CMS instance [1].

Mitigation

As of the publication date (2018-03-13), no official patch or fixed version has been released. Users are advised to apply input sanitization or validation as a workaround, such as filtering script tags in the affected fields. No CVE listing in KEV has been noted [1].
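The workaround above, sketched as an added example (not WolfCMS code and not taken from the advisory or its reference): it contrasts filtering script tags alone with allowlist validation of the new file or directory name plus HTML encoding at output. All function names and sample inputs are hypothetical, and it assumes the submitted name is echoed back into the HTML response.

```php
<?php
// Added example, not WolfCMS code. All function names here are hypothetical.

// Workaround as literally described: remove <script> tags and nothing else.
function strip_script_tags(string $value): string
{
    return (string) preg_replace('#</?script\b[^>]*>#i', '', $value);
}

// Allowlist for a new file or directory name: starts with a letter or digit,
// then letters, digits, dot, underscore or hyphen. Returns null when rejected.
function validate_entry_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 255) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name) === 1 ? $name : null;
}

// Encode for an HTML text or quoted-attribute context at the point of output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the status message shown after a create request. The submitted value
// is encoded even when validation rejects it, because the error echoes it back.
function render_create_result(string $submitted): string
{
    $name = validate_entry_name($submitted);
    if ($name === null) {
        return '<p class="error">Invalid name: ' . h($submitted) . '</p>';
    }
    return '<p class="success">Created: ' . h($name) . '</p>';
}

// Constructed sample inputs (benign markup stands in for injected content).
$samples = ['notes.txt', 'uploads-2018', '<b>bold</b>', '"><i>x</i>', 'a/b'];
foreach ($samples as $input) {
    echo 'filter only : ', strip_script_tags($input), PHP_EOL;
    echo 'validated   : ', render_create_result($input), PHP_EOL;
}
```

In the `filter only` lines, markup other than script tags passes through unchanged, so the encoding applied at output is what keeps a reflected value inert.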

References
  1. No title

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Wolfcms/WolfCMS · OSV · 2 versions
    0.7.0, 0.7.1, 0.7.2, … + 1 more
    • (no CPE) range: 0.7.0, 0.7.1, 0.7.2, …
    • (no CPE) range: = 0.8.3.1

Patches

0

No patches discovered yet.
