2 matches found
CVE-2020-13563
CVE-2020-13563 covers multiple XSS vulnerabilities in phpGACL 3.3.7 templates. The Red Hat, NVD, OSV, CVE.org and TALOS entries describe XSS via unsanitized Smarty template variables such as group_id, acl_id and action, leading to arbitrary JavaScript execution when crafting specific HTTP request...
phpGACL template multiple cross-site scripting vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions phpGACL 3.3.7 OpenEMR 5.0.2...