Cross site scripting

2017-06-0616:29:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER[‘PHP_SELF’] to generate URLs.

CPENameOperatorVersion
flatcoreeq1.4.6

CPE	Name	Operator	Version
	flatcore	eq	1.4.6

References

github.com/flatCore/flatCore-CMS/commit/f1b42b338693a9c240182e76ef2131057f2c2a87

github.com/flatCore/flatCore-CMS/issues/34