CVE-2018-17049
CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action.
6.1CVSS
5.9AI Score
0.001EPSS