2 matches found
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...
MaNGOSWebV4 cross-site scripting vulnerability (CNVD-2017-03506)
MaNGOSWeb is a World of Warcraft private server CMS. maNGOSWebV4 is one of the versions. A cross-site scripting vulnerability exists in the inc/admin/templatefiles/admin.fplinks.php page of MaNGOSWebV4. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...