CVE-2018-18823
Description
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WolfCMS 0.8.3.1 is vulnerable to stored XSS via uploading a malicious SVG file in the file manager.
Vulnerability
WolfCMS 0.8.3.1 allows stored cross-site scripting (XSS) via an SVG file uploaded through the file manager at /?/admin/plugin/file_manager/browse/. The application does not sanitize SVG files, allowing arbitrary JavaScript to be embedded. This affects version 0.8.3.1 [1].
Exploitation
An attacker must have valid administrator credentials to access the file manager. By uploading a crafted SVG file containing JavaScript payloads, the attacker can trigger execution when another administrator views the file in the browser. The attack requires no additional user interaction beyond viewing the uploaded file [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session, potentially leading to cookie theft, session hijacking, or defacement of the administrative interface.
Mitigation
No official patch or workaround was found in the available references. Administrators should manually sanitize SVG uploads by stripping script content or restrict access to the file manager to trusted users only. As of the publication date, WolfCMS has not released a fix for this version [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/s-kustm/Subodh/blob/master/CVE-2018-18823.pdfmitrex_refsource_MISC
- twitter.com/Subodhk62060242mitrex_refsource_MISC
- www.linkedin.com/in/subodh-kumar-8a00b1125/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.