2 matches found
CVE-2018-7476
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...
CVE-2018-7476
CVE-2018-7476 affects FineCms 5.3.0. A Cross Site Scripting (XSS) flaw exists in controllers/admin/Linkage.php reachable via id or lid in a c=linkage,m=import request to admin.php, where the xss_clean protection is bypassed by crafted input that omits ''. The vulnerability is documented across NV...