VYPR
Medium severity4.8OSV Advisory· Published May 24, 2018· Updated Jun 17, 2026

CVE-2018-11332

CVE-2018-11332

Description

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Clippercms/ClippercmsOSV2 versions
    clipper_1.2.0, clipper_1.3.0, clipper_1.3.1, …+ 1 more
    • (no CPE)range: clipper_1.2.0, clipper_1.3.0, clipper_1.3.1, …
    • (no CPE)range: = 1.3.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.