Invia #224400: Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameterinformazioni

TitoloCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter
DescrizioneCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter. Vulnerable source code: if (isset($_GET['customblock_place'])) { $customblock_place = $_GET['customblock_place']; echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>"; } Unfiltered parameters, which can bypass and generate xss vulnerabilities
Fonte⚠️ https://github.com/flusity/flusity-CMS/issues/1
Utente
 zihe (UID 56943)
Sottomissione23/10/2023 09:50 (3 anni fa)
Moderazione26/10/2023 09:19 (3 days later)
StatoAccettato
Voce VulDB243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place cross site scripting]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!