CVE-2018-18722
Description
An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in YUNUCMS 1.1.5 admin content editor allows remote attackers to inject arbitrary web script or HTML.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in YUNUCMS 1.1.5 in the admin content editor at /admin/content/editcontent?id=29&gopage=1. The issue allows attackers to inject arbitrary web script or HTML that is stored and executed when the page is viewed. [1]
Exploitation
An attacker must first log in as an administrator. Then, by navigating to the vulnerable edit page, the attacker can insert a malicious payload (e.g., ``) into the content field and submit the form. The payload is stored and executed on subsequent page views. [1]
Impact
Successful exploitation leads to execution of arbitrary JavaScript in the context of the admin panel. This could allow an attacker to perform actions on behalf of the administrator, steal session cookies, or deface the site. The impact is limited to the admin interface. [1]
Mitigation
No official patch or fixed version has been released for YUNUCMS 1.1.5 as of the publication date. The only mitigation is to remove the vulnerability manually or upgrade to a later version if available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
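The mitigation above leaves cleanup to the site operator, which includes finding content that was already stored with script-bearing markup. The following is an added example, not code from YUNUCMS or the referenced issue: it assumes the stored content has been exported as (id, HTML body) pairs, all names and sample rows are constructed, and it is a triage heuristic rather than a sanitizer.

```python
import re
from html.parser import HTMLParser

# Assumption: stored content was exported as (row_id, html_body) pairs.
# These rows are constructed sample data, not taken from YUNUCMS.
SAMPLE_ROWS = [
    (1, "<p>Welcome to <b>our</b> site</p>"),
    (2, "<p>News</p><script>/* constructed */</script>"),
    (3, '<img src="logo.png" OnError="x()">'),
    (4, '<a href="&#106;avascript:void(0)">link</a>'),
    (5, '<a href="https://example.com/">ok</a>'),
]

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveMarkupFinder(HTMLParser):
    """Collects markup that would run script when a browser renders it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS:
                # Browsers ignore tabs and newlines inside a URL; strip all
                # control/space characters so the check errs on the safe side.
                compact = re.sub(r"[\x00-\x20]+", "", value or "").lower()
                if compact.startswith(SCRIPT_SCHEMES):
                    self.findings.append(f"script URL in {name} on <{tag}>")


def audit_rows(rows):
    """Return {row_id: [findings]} for rows whose body carries active markup."""
    flagged = {}
    for row_id, body in rows:
        finder = ActiveMarkupFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            flagged[row_id] = finder.findings
    return flagged
```

Flagged rows still need manual review, and new submissions need allowlist sanitization or output encoding on the server side; this audit only covers what is already in the database.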
Affected products: 2
Patches: 0 (no patches discovered yet)
References
[1] github.com/source-trace/yunucms/issues/6 (mitre, x_refsource_MISC)