2 matches found
CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages⊂=edit=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system⊂=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...
CVE-2020-17451
CVE-2020-17451 affects flatCore before 1.5.7. The issue is a reflected XSS vulnerability exploitable by an admin via acp/acp.php?tn=pages&sub=edit&editpage=1 (parameters: page_linkname, page_title, page_content, page_extracontent) or acp/acp.php?tn=system&sub=sys_pref (prefs_pagename, prefs_paget...