pressloft.fr XSS vulnerability

Open Bug Bounty ID: OBB-359824 Description| Value ---|--- Affected Website:| pressloft.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...

PI Engine Arbitrary File Read Vulnerability

PI Engine is an open source CMS system. The /browser.php page of PI Engine is used to provide file browsing functionality, which has flaws in checking file types and also does not correctly restrict file paths, allowing attackers to construct paths to access files in any directory...