Featuring a CVSSv3 score of 8.2, the remote code execution flaw impacts content management system (CMS) and layouts. The vulnerability allows an administrator with limited privileges to introduce malicious code when creating a new CMS page, which would potentially result in arbitrary remote code execution.
Read full news article on SecurityWeek