CVE-2018-17049

CVE-2018-17049

CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action.

Source: CVE-2018-17049