CVE-2017-9451

2017-06-0616:29:00

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER[‘PHP_SELF’] to generate URLs.

CPENameOperatorVersion
flatcore-cmseq1.1.1
flatcore-cmseqVersion1.0
flatcore-cmseq1.3
flatcore-cmseq1.4.7-b76
flatcore-cmseq1.4beta4
flatcore-cmseq1.4.7-b74
flatcore-cmseq1.4beta2
flatcore-cmseq1.4.7-b75
flatcore-cmseqRC4v2
flatcore-cmseq1.4.5

Name	Operator	Version
flatcore-cms	eq	1.1.1
flatcore-cms	eq	Version1.0
flatcore-cms	eq	1.3
flatcore-cms	eq	1.4.7-b76
flatcore-cms	eq	1.4beta4
flatcore-cms	eq	1.4.7-b74
flatcore-cms	eq	1.4beta2
flatcore-cms	eq	1.4.7-b75
flatcore-cms	eq	RC4v2
flatcore-cms	eq	1.4.5