Отправить #664560: CMSeasy V7 Cross Site ScriptingИнформация

Название	CMSeasy V7 Cross Site Scripting
Описание	During a security assessment of Cmseasy, a critical Cross-site Scripting (XSS) vulnerability was discovered in the lib/inc/view.php file. This vulnerability is attributed to the insufficient output encoding of user-supplied input for the PHP_SELF parameter. This allows attackers to inject malicious client-side scripts. When other users visit the page containing the malicious script, it executes within their browser, potentially leading to session hijacking, data theft, or page defacement. Immediate corrective action is essential to safeguard the system and its users.
Источник	⚠️ https://github.com/tiancesec/CVE/issues/5
Пользователь	tiancesec (UID 90883)
Представление	28.09.2025 10:51 (8 месяцы назад)
Модерация	05.10.2025 17:35 (7 days later)
Статус	принято
Запись VulDB	327215 [CmsEasy до 7.7.7 URL lib/inc/view.php PHP_SELF межсайтовый скриптинг]
Баллы	20

Might our Artificial Intelligence support you?

Check our Alexa App!