CVE-2018-6890
Description
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via page editing allows arbitrary JavaScript execution.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Wolf CMS version 0.8.3.1 through the page editing feature. The endpoint /?/admin/page/edit/3 does not sanitize user-supplied input, allowing an attacker to inject arbitrary HTML and JavaScript code into page content [1][2].
Exploitation
An attacker with administrative access or any user who can edit pages can exploit this vulnerability by injecting a malicious script into the page content field. After saving the page, the script is stored and executed in the browsers of other users visiting the affected page [1].
Impact
Successful exploitation leads to arbitrary JavaScript execution in the context of the victim's session. This can result in session hijacking, defacement, or theft of sensitive data, as the injected script can access cookies and perform actions on behalf of the victim [2].
Mitigation
As of the publication date, no official patch has been released for Wolf CMS 0.8.3.1. Users are advised to upgrade to a later version if available, or manually implement input validation and output encoding for the page editing functionality [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.