CVE-2017-1000428

2018-01-1002:29:31

Google

osv.dev

0.001 Low

EPSS

Percentile

31.3%

JSON

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER[‘PHP_SELF’] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.

CPENameOperatorVersion
flatcore-cmseq1.4beta3
flatcore-cmseqRC4v2
flatcore-cmseq1.4beta4
flatcore-cmseq1.4.5
flatcore-cmseq1.4beta2
flatcore-cmseqReleaseCandidate3
flatcore-cmseqReleaseCandidate4
flatcore-cmseq1.0
flatcore-cmseqVersion1.0
flatcore-cmseq1.3

Name	Operator	Version
flatcore-cms	eq	1.4beta3
flatcore-cms	eq	RC4v2
flatcore-cms	eq	1.4beta4
flatcore-cms	eq	1.4.5
flatcore-cms	eq	1.4beta2
flatcore-cms	eq	ReleaseCandidate3
flatcore-cms	eq	ReleaseCandidate4
flatcore-cms	eq	1.0
flatcore-cms	eq	Version1.0
flatcore-cms	eq	1.3

Rows per page:

1-10 of 171

References

github.com/flatCore/flatCore-CMS/issues/35

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for OSV:CVE-2017-1000428