Cross-Site Scripting (XSS)

funadmin is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the JS file name which could be maliciously constructed via tagLoad function of the file Cx.php, which allows an attacker to inject and execute malicious JavaScript on the victim's browser...

CVE-2023-2477

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

Cross site scripting

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

CVE-2023-2477 Funadmin Cx.php tagLoad cross site scripting

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...

PT-2023-19771 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin versions up to 3.2.3 Description: A vulnerability has been found in the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross-site scripting. The attack can be launched remotely. Recommendations: F...