提出 #224400: Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter情報

タイトルCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter
説明Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter. Vulnerable source code: if (isset($_GET['customblock_place'])) { $customblock_place = $_GET['customblock_place']; echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>"; } Unfiltered parameters, which can bypass and generate xss vulnerabilities
ソース⚠️ https://github.com/flusity/flusity-CMS/issues/1
ユーザー
 zihe (UID 56943)
送信2023年10月23日 09:50 (3 年 ago)
モデレーション2023年10月26日 09:19 (3 days later)
ステータス承諾済み
VulDBエントリ243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place クロスサイトスクリプティング]
ポイント20

Want to know what is going to be exploited?

We predict KEV entries!