Cross-Site Scripting (XSS)

funadmin/funadmin is vulnerable to Cross Site Scripting XSS. The vulnerability is due to the lack of input validation and filtering of parameters passed to the param variable in the selectfiles method of \backend\controller\sys\Attachh.php, allowing an attacker to inject malicious scripts into th...