An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
References
Link | Resource |
---|---|
https://github.com/funadmin/funadmin/issues/31 |
Configurations
No configuration.
History
28 Oct 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 22:15
Updated : 2024-10-28 20:35
NVD link : CVE-2024-48228
Mitre link : CVE-2024-48228
CVE.ORG link : CVE-2024-48228
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')