RubySec

Providing security resources for the Ruby community

CVE-2018-7261 (radiant): Multiple persistent XSS vulnerabilities in Radiant CMS

ADVISORIES

GEM

radiant

SEVERITY

CVSS v3: 5.4

CVSS v2: 3.5

PATCHED VERSIONS

None.

DESCRIPTION

There are multiple Persistent XSS vulnerabilities in Radiant CMS. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).