Medium severity4.8NVD Advisory· Published Dec 24, 2018· Updated Jun 17, 2026
CVE-2018-20418
CVE-2018-20418
Description
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
craftcms/cmsPackagist | <= 3.0.25 | — |
Affected products
1Patches
Vulnerability mechanics
References
7- www.exploit-db.com/exploits/46054/nvdExploitThird Party AdvisoryVDB Entry
- www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.htmlnvdExploitThird Party Advisory
- github.com/advisories/GHSA-72pf-cvwq-vgqgghsaADVISORY
- github.com/craftcms/cms/blob/master/CHANGELOG-v3.mdnvdRelease NotesThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2018-20418ghsaADVISORY
- web.archive.org/web/20201208014852/https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.htmlghsaWEB
- www.exploit-db.com/exploits/46054ghsaWEB
News mentions
0No linked articles in our index yet.