Design/Logic Flaw

2018-01-1002:29:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER[‘PHP_SELF’] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.

CPENameOperatorVersion
flatcore-cmseq1.4.6

CPE	Name	Operator	Version
	flatcore-cms	eq	1.4.6

References

github.com/flatCore/flatCore-CMS/issues/35