CVE-2018-20837 (typesetter)

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
Source: NIST
CVE-2018-20837 (typesetter)