{"id":"CVE-2018-16637","details":"Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.","aliases":["GHSA-8h24-3cjr-xxmh"],"modified":"2026-04-11T18:44:38.287587Z","published":"2018-12-28T17:29:00.323Z","references":[{"type":"EVIDENCE","url":"https://github.com/security-breachlock/CVE-2018-16637/blob/master/evolution_xss_stored.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/evolution-cms/evolution","events":[{"introduced":"eb5ae0355ce48dffe48f3c5ee80b3a927cd14017"},{"last_affected":"72e8577bcc46f0057fc5688d4390196c08489a72"}],"database_specific":{"cpe":"cpe:2.3:a:modx:evolution_cms:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.4.0"},{"last_affected":"1.4.7"}],"source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16637.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}