CVE-2018-18307by Jeremyin Security Bulletinson Posted on October 17, 2018 A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field.