Enviar #664560: CMSeasy V7 Cross Site Scriptinginformación

TítuloCMSeasy V7 Cross Site Scripting
DescripciónDuring a security assessment of Cmseasy, a critical Cross-site Scripting (XSS) vulnerability was discovered in the lib/inc/view.php file. This vulnerability is attributed to the insufficient output encoding of user-supplied input for the PHP_SELF parameter. This allows attackers to inject malicious client-side scripts. When other users visit the page containing the malicious script, it executes within their browser, potentially leading to session hijacking, data theft, or page defacement. Immediate corrective action is essential to safeguard the system and its users.
Fuente⚠️ https://github.com/tiancesec/CVE/issues/5
Usuario
 tiancesec (UID 90883)
Sumisión2025-09-28 10:51 (hace 8 meses)
Moderación2025-10-05 17:35 (7 days later)
EstadoAceptado
Entrada de VulDB327215 [CmsEasy hasta 7.7.7 URL lib/inc/view.php PHP_SELF secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!