VYPR
Moderate severity · NVD Advisory · Published Feb 21, 2018 · Updated Aug 5, 2024

CVE-2018-7261


Description

Radiant CMS 1.1.4 contains multiple persistent XSS vulnerabilities in Personal Preferences and Configuration fields allowing arbitrary script execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

Radiant CMS 1.1.4 suffers from multiple Persistent Cross-Site Scripting (XSS) vulnerabilities due to insufficient sanitization of user-supplied data. The affected parameters are Name and Username in Personal Preferences, and Site Title, Dev Site Domain, Page Parts, and Page Fields in Configuration. The input is stored and later rendered without proper escaping, which makes the injection persistent. [1][2]

Exploitation

An attacker with access to the administrative interface (e.g., an authenticated user with rights to edit Personal Preferences or Configuration) can inject a crafted script payload into the vulnerable fields. The payload is stored on the server and executed in the browsers of other administrators when they view the affected pages. No user interaction beyond normal browsing is required for the stored script to run. [2][3]

Impact

Successful exploitation allows a remote attacker to execute arbitrary script code in the context of the affected CMS within a victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information such as authentication tokens. The attacker operates with the privileges of the victim user, which could be an administrator. [1][2]

Mitigation

As of the published advisory, no fixed version was available. The vendor was contacted but no patch was released at that time. Users should restrict administrative access to trusted individuals and consider applying input validation as a workaround. The application may be end-of-life if not actively maintained, and moving to a supported fork is recommended. [2][3]
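The "stored and later rendered without proper escaping" pattern, next to the same render with output escaping and a small audit over stored settings. This is an added example, not Radiant CMS code: plain stdlib ERB stands in for the CMS views, the helper names are hypothetical, and the stored values are constructed.

```ruby
require "erb"

# Constructed sample of stored settings, keyed by field names the advisory lists.
# The values are made up for this example; "Site Title" carries markup.
STORED = {
  "Name"            => "Alice Admin",
  "Site Title"      => "News<script>marker()</script>",
  "Dev Site Domain" => "dev.example.test",
}.freeze

# Flawed pattern: the stored value is interpolated into the page verbatim.
RAW_TEMPLATE = ERB.new("<h1><%= value %></h1>")

# Hardened pattern: the value is HTML-escaped at output time, so stored markup
# is displayed as text instead of being parsed by the browser.
SAFE_TEMPLATE = ERB.new("<h1><%= ERB::Util.html_escape(value) %></h1>")

# Hypothetical helper: render a stored value without escaping.
def render_raw(value)
  RAW_TEMPLATE.result_with_hash(value: value)
end

# Hypothetical helper: render a stored value with output escaping.
def render_safe(value)
  SAFE_TEMPLATE.result_with_hash(value: value)
end

# Audit helper: names of fields whose stored value changes under escaping,
# i.e. values that contain HTML metacharacters and deserve a manual review.
def fields_with_markup(settings)
  settings.select { |_, v| ERB::Util.html_escape(v) != v }.keys
end

if __FILE__ == $PROGRAM_NAME
  STORED.each do |field, value|
    puts "#{field}: raw=#{render_raw(value)} safe=#{render_safe(value)}"
  end
  puts "Fields to review: #{fields_with_markup(STORED).join(', ')}"
end
```

Escaping at render time covers values that were stored before any input validation was introduced, which validation on new input alone does not.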

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.


References

6
