Submeter #664560: CMSeasy V7 Cross Site Scriptinginformação

TítuloCMSeasy V7 Cross Site Scripting
DescriçãoDuring a security assessment of Cmseasy, a critical Cross-site Scripting (XSS) vulnerability was discovered in the lib/inc/view.php file. This vulnerability is attributed to the insufficient output encoding of user-supplied input for the PHP_SELF parameter. This allows attackers to inject malicious client-side scripts. When other users visit the page containing the malicious script, it executes within their browser, potentially leading to session hijacking, data theft, or page defacement. Immediate corrective action is essential to safeguard the system and its users.
Fonte⚠️ https://github.com/tiancesec/CVE/issues/5
Utilizador
 tiancesec (UID 90883)
Submissão28/09/2025 10h51 (há 8 meses)
Moderação05/10/2025 17h35 (7 days later)
EstadoAceite
Entrada VulDB327215 [CmsEasy até 7.7.7 URL lib/inc/view.php PHP_SELF Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!