Submeter #224400: Customiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameterinformação

TítuloCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter
DescriçãoCustomiblock in custombock.php in fluency CMS_ XSS (Cross Site Scripting) exists for the place parameter. Vulnerable source code: if (isset($_GET['customblock_place'])) { $customblock_place = $_GET['customblock_place']; echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>"; } Unfiltered parameters, which can bypass and generate xss vulnerabilities
Fonte⚠️ https://github.com/flusity/flusity-CMS/issues/1
Utilizador
 zihe (UID 56943)
Submissão23/10/2023 09h50 (há 3 anos)
Moderação26/10/2023 09h19 (3 days later)
EstadoAceite
Entrada VulDB243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place Script de Site Cruzado]
Pontos20

Do you want to use VulDB in your project?

Use the official API to access entries easily!