{"id":"CVE-2018-19600","details":"Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.","modified":"2026-04-10T04:08:59.672604Z","published":"2019-01-03T20:29:00.437Z","references":[{"type":"FIX","url":"https://github.com/rhymix/rhymix/issues/1088"},{"type":"EVIDENCE","url":"https://github.com/security-breachlock/CVE-2018-19600/blob/master/XSS.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rhymix/rhymix","events":[{"introduced":"0"},{"last_affected":"65a96a034425fd06fe999933ea290ed3057f74e7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.8.1"}]}}],"versions":["1.4.5","1.5.0","1.5.0.1","1.5.0.2","1.5.0.3","1.5.0.4","1.5.0.5","1.5.0.6","1.5.0.7","1.5.0.8","1.5.0.9","1.5.1","1.5.1.1","1.5.1.10","1.5.1.11","1.5.1.2","1.5.1.3","1.5.1.4","1.5.1.5","1.5.1.6","1.5.1.7","1.5.1.8","1.5.1.9","1.5.2","1.5.2.1","1.5.2.2","1.5.2.3","1.5.2.4","1.5.2.5","1.5.2.6","1.5.2.7","1.5.3","1.5.3.2","1.7.10","1.7.11","1.7.12","1.7.13","1.7.3.4","1.7.3.5","1.7.3.6","1.7.5.3","1.7.5.4","1.7.5.5","1.7.5.6","1.7.5.7","1.7.6","1.7.7","1.7.7.1","1.7.7.2","1.7.8","1.7.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.12","1.8.13","1.8.14","1.8.15","1.8.17","1.8.18","1.8.2","1.8.20","1.8.21","1.8.22","1.8.23","1.8.24","1.8.25","1.8.26","1.8.27","1.8.28","1.8.29","1.8.3","1.8.30","1.8.31","1.8.32","1.8.33","1.8.34","1.8.35","1.8.36","1.8.37","1.8.38","1.8.39","1.8.4","1.8.40","1.8.41","1.8.42","1.8.43","1.8.44","1.8.45","1.8.46","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19600.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}