إرسال #224400: Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameterالمعلومات

عنوانCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter
الوصفCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter. Vulnerable source code: if (isset($_GET['customblock_place'])) { $customblock_place = $_GET['customblock_place']; echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>"; } Unfiltered parameters, which can bypass and generate xss vulnerabilities
المصدر⚠️ https://github.com/flusity/flusity-CMS/issues/1
المستخدم
 zihe (UID 56943)
ارسال23/10/2023 09:50 AM (3 سنوات منذ)
الاعتدال26/10/2023 09:19 AM (3 days later)
الحالةتمت الموافقة
إدخال VulDB243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place البرمجة عبر المواقع]
النقاط20

Might our Artificial Intelligence support you?

Check our Alexa App!