| عنوان | Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter |
|---|
| الوصف | Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter.
Vulnerable source code:
if (isset($_GET['customblock_place'])) {
$customblock_place = $_GET['customblock_place'];
echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>";
}
Unfiltered parameters, which can bypass and generate xss vulnerabilities
|
|---|
| المصدر | ⚠️ https://github.com/flusity/flusity-CMS/issues/1 |
|---|
| المستخدم | zihe (UID 56943) |
|---|
| ارسال | 23/10/2023 09:50 AM (3 سنوات منذ) |
|---|
| الاعتدال | 26/10/2023 09:19 AM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|