Published: 26 Oct 2024
Source: github
Github: Reviewed
CVSS4: 2.1
CVSS3: 6.1
Description
Funadmin Cross-site Scripting vulnerability
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
Packages
Name: funadmin/funadmin
Ecosystem: composer
Affected versions: <= 5.0.2
Fixed version: None
Related vulnerabilities
CVSS3: 6.1
nvd
more than 1 year ago
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).