Medium severity4.8OSV Advisory· Published May 24, 2018· Updated Jun 17, 2026
CVE-2018-11332
CVE-2018-11332
Description
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2clipper_1.2.0, clipper_1.3.0, clipper_1.3.1, …+ 1 more
- (no CPE)range: clipper_1.2.0, clipper_1.3.0, clipper_1.3.1, …
- (no CPE)range: = 1.3.3
Patches
Vulnerability mechanics
References
2- github.com/ClipperCMS/ClipperCMS/issues/483nvdExploitThird Party Advisory
- www.exploit-db.com/exploits/44775/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.