2 matches found
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability exploitable through the device_name parameter in manager/admin_ajax.php?action=save flag=add. The root cause is likely inadequate input sanitization of device_name, allowing injected scripts to be reflected in the applica...