CVE-2018-20418

Name: CVE-2018-20418
Creator: NVD / NIST
Published: 2018-12-24T04:29:00.243+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.70%

Last modified Jun 17, 2026

CVE-2018-20418 is a vulnerability of currently unknown severity. index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.. EPSS estimates a 3.70% chance of exploitation in the next 30 days.

Description

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

Metrics

EPSS Probability

3.70%

88.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Craftcms	Craft Cms	3.0.25

References

https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.mdRelease Notes, Third Party Advisory
https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-ScriptingExploit, Third Party Advisory
https://www.exploit-db.com/exploits/46054/Exploit, Third Party Advisory, VDB Entry
https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.htmlExploit, Third Party Advisory
https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.mdRelease Notes, Third Party Advisory
https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-ScriptingExploit, Third Party Advisory
https://www.exploit-db.com/exploits/46054/Exploit, Third Party Advisory, VDB Entry
https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.htmlExploit, Third Party Advisory

Timeline

Published: Dec 24, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-20418?

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.

How severe is CVE-2018-20418?

Severity scoring for CVE-2018-20418 is pending analysis. The EPSS model estimates a 3.70% probability of exploitation in the next 30 days.

How do I fix CVE-2018-20418?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-20418?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST