*1. Introduction* Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 *2. Overview* Technical Description: There are multiple Persistent XSS vulnerabilities in Radiant Content Management System. These vulnerabilities exists due to insufficient filtration/sanitization of user-supplied data. *3. Affected Modules* This affects multiple parameters within: 1. Personal Preferences : Name and Username 2. Configuration : Site Title, Dev Site Domain, Page Parts, and Page Fields *4. Impact* A remote attacker may leverage this issue to execute arbitrary script code in the browser of victim in the context of the affected CMS. *5. Payload* <script>alert('XSS')</script> *6. Credit* Suparna Kachroo (@Sud0__su)
