{"id":"CVE-2019-14518","details":"Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the \"access policy in the administration panel.","modified":"2026-07-08T20:30:53.368226Z","published":"2019-08-15T16:15:12.007Z","references":[{"type":"EVIDENCE","url":"https://github.com/evolution-cms/evolution/issues/1041"},{"type":"EVIDENCE","url":"https://github.com/evolution-cms/evolution/issues/1042"},{"type":"EVIDENCE","url":"https://github.com/evolution-cms/evolution/issues/1043"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/evolution-cms/evolution","events":[{"introduced":"8b2d2d946907c684a3a0ae54860a505908aebdc5"},{"last_affected":"8b2d2d946907c684a3a0ae54860a505908aebdc5"}],"database_specific":{"cpe":"cpe:2.3:a:modx:evolution_cms:2.0.0:alpha:*:*:*:*:*:*","extracted_events":[{"introduced":"2.0.0-alpha"},{"last_affected":"2.0.0-alpha"}],"source":"CPE_STRING"}}],"versions":["2.0.0-alpha"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14518.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}