CVE-2018-7198: October CMS - RainLab Blog Plugin XSS

CVSS Score: 6.1

Basic Information

EPSS Score: -
Published: 5/13/2022
Updated: 10/3/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: rainlab/blog-plugin
Ecosystem: composer
Vulnerable Versions: < 1.4.1
First Patched Version: 1.4.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from two points. 1) The BlogMarkdown widget explicitly disabled HTML cleaning via shouldCleanHtml(), passing raw input through to the model. 2) Before the patch, the Post::formatHtml method did not sanitize the HTML (via Html::clean()) for non-privileged users. Together, these allowed unauthenticated XSS through blog post content. The patch added conditional Html::clean() checks in Post.php and formalized the unsafe Markdown permission, confirming that these were the missing safeguards.


WAF Protection Rules

WAF Rule

The RainLab Blog Plugin used in October CMS through *.*.*** allows XSS by entering HTML on the Add Posts page.
