NIST · via Voidly Atlas
CVE-2018-25331
This is the agency's own public-domain data, curated and made citable by Voidly. Voidly adds no independent claim — always verify against the linked canonical source.
cve id
CVE-2018-25331
published
2026-05-17T13:16:44.710
last modified
2026-05-17T13:16:44.710
status
Received
description
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.
cvss score
6.1
cvss severity
MEDIUM
cvss vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cwes
CWE-79
cpe count
0
Cite this record
CVE-2018-25331 — MEDIUM. NIST, via Voidly Atlas — Surveillance & Digital-Rights Watch. Retrieved 2026-06-07, https://voidly.ai/atlas/federal/nvd-cves/CVE-2018-25331
@misc{voidly_nvd_cves_CVE201825331,
title = {CVE-2018-25331 — MEDIUM},
author = {{Voidly}},
howpublished = {\url{https://voidly.ai/atlas/federal/nvd-cves/CVE-2018-25331}},
note = {Source: NIST National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2018-25331. Public domain (17 U.S.C. §105); re-surfaced under CC BY 4.0},
urldate = {2026-06-07},
year = {2026}
}Also available as JSON/BibTeX/APA: API record. Source data is U.S. federal public domain (17 U.S.C. §105). Re-surfaced by Voidly under CC BY 4.0.