3 matches found
CVE-2017-8302
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dspnextn.cfm, admin/core/views/cusers/inc/dspsearchform.cfm, admin/core/views/cusers/inc/dspuserslist.cfm,...
CVE-2017-8302
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dspnextn.cfm, admin/core/views/cusers/inc/dspsearchform.cfm, admin/core/views/cusers/inc/dspuserslist.cfm,...
CVE-2017-8302
CVE-2017-8302 affects Mura CMS 7.0.6967 and enables Cross‑Site Scripting via the admin/?muraAction= parameter, impacting multiple admin views (list.cfm, dsp_*.cfm, loadsiteflat.cfm, etc.). The root cause is reflected/stored XSS in the muraAction handling within the admin CFML components. Public r...