| शीर्षक | funadmin v7.1.0-rc4 Cross-Site Scripting |
|---|
| विवरण | In app/backend/view/index/index.html, system configuration values are rendered directly in the backend interface without proper input sanitization or output encoding, resulting in a cross-site scripting (XSS) vulnerability.
According to
https://vuldb.com/zh/?submit.753972
, the affected component also suffers from an unauthorized access issue, which allows attackers to interact with backend functionality without authentication.
As a result, an attacker can exploit this XSS vulnerability without logging in, leading to an unauthorized backend XSS vulnerability.
Successful exploitation allows the execution of arbitrary JavaScript code in the administrator’s browser, potentially leading to session hijacking, privilege escalation, or full compromise of the backend system. |
|---|
| स्रोत | ⚠️ https://github.com/I4m6da/CVE/issues/4 |
|---|
| उपयोगकर्ता | I4m6da (UID 95320) |
|---|
| सबमिशन | 07/02/2026 01:25 PM (4 महीनों पहले) |
|---|
| संयम | 20/02/2026 07:57 PM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347208 [funadmin तक 7.1.0-rc4 Backend Interface index.html मूल्य क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|