Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.
1. Introduction
Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7274
2. Technical Description
There are multiple Persistent XSS vulnerabilities in Quarx Content Management System. These vulnerabilities exist
due to insufficient sanitization of user-supplied data.
3. Affected pages and parameters:
Blog -> 'Title'
FAQ -> 'Question'
Pages -> 'Title'
Widgets -> 'Name'
Menus -> 'Name'
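Added example (not part of the original advisory or of the Quarx code base): because these issues are persistent, values already stored in the fields listed above can be reviewed for markup after upgrading. The script audits an export of those fields for tag-like content and shows the HTML-encoded form; the record layout (dicts with "module", "id" and the field name) and the sample rows are constructed assumptions, not Quarx's actual schema.

```python
import html
import re

# Module -> field pairs taken from section 3 of the advisory.
AFFECTED_FIELDS = {
    "Blog": "Title",
    "FAQ": "Question",
    "Pages": "Title",
    "Widgets": "Name",
    "Menus": "Name",
}

# A "<" directly followed by a letter, "/", "!" or "?" is where an HTML parser
# starts a tag, comment or declaration. Plain-text titles and names do not need it.
TAG_LIKE = re.compile(r"<[a-zA-Z/!?]")

def audit(records):
    """Return one finding per affected field whose stored value contains markup.

    records: iterable of dicts in the hypothetical export layout described above.
    """
    findings = []
    for rec in records:
        field = AFFECTED_FIELDS.get(rec.get("module"))
        if field is None:
            continue  # module not listed in the advisory
        value = rec.get(field)
        if isinstance(value, str) and TAG_LIKE.search(value):
            findings.append({
                "module": rec["module"],
                "id": rec.get("id"),
                "field": field,
                "stored": value,
                # What the value looks like when encoded for an HTML context.
                "encoded": html.escape(value, quote=True),
            })
    return findings

# Constructed sample rows (not real Quarx data).
SAMPLE = [
    {"module": "Blog", "id": 1, "Title": "Release notes for March"},
    {"module": "FAQ", "id": 7, "Question": "<script>/* constructed */</script>"},
    {"module": "Menus", "id": 3, "Name": "Footer & legal, 2 < 3"},
    {"module": "Widgets", "id": 4, "Name": "<img src=x>"},
    {"module": "Users", "id": 9, "Name": "<b>not in scope</b>"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['module']} #{f['id']} {f['field']}: {f['encoded']}")
```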
5. Credit
Preethi Koroth (@p3core0ath)
6. Reference:
https://github.com/YABhq/Quarx/issues/115