CVE-2017-1000428
FlatCore-CMS 1.4.6 is vulnerable to both reflected and stored XSS. The reflected XSS occurs in user_management.php via $_SERVER['PHP_SELF'] when building links, and a stored XSS is present in the admin log panel through a malformed User-Agent string. The CVE description and multiple connected rec...
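The two patterns named above, shown as an added example with the unescaped link builder beside hardened output handling. This is not FlatCore-CMS source code: the function names, the sort parameter and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added illustration, not FlatCore-CMS code. All function names are hypothetical.

// Escape a value for HTML text and quoted attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reflected case: PHP_SELF carries any path info the client appends after
// the script name, so writing it into an href unescaped reflects request data.
function link_unsafe(array $server, string $label): string
{
    return '<a href="' . $server['PHP_SELF'] . '?sort=name">' . $label . '</a>';
}

// Hardened: SCRIPT_NAME omits the trailing path info, and every value is
// still escaped at the point of output.
function link_safe(array $server, string $label): string
{
    return '<a href="' . e($server['SCRIPT_NAME']) . '?sort=name">' . e($label) . '</a>';
}

// Stored case: a logged User-Agent is request data. Bound its length and
// escape it when the admin log row is rendered.
function log_row_safe(string $time, string $userAgent): string
{
    $ua = substr($userAgent, 0, 255); // ENT_SUBSTITUTE covers a split multibyte char
    return '<tr><td>' . e($time) . '</td><td>' . e($ua) . '</td></tr>';
}

// Constructed sample request values (harmless markup stands in for a payload).
$server = [
    'PHP_SELF'    => '/user_management.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/user_management.php',
];
$userAgent = 'ExampleAgent/1.0 <b>injected</b>';

echo link_unsafe($server, 'Sort'), PHP_EOL;  // markup breaks out of the href
echo link_safe($server, 'Sort'), PHP_EOL;    // href stays /user_management.php
echo log_row_safe('2017-01-01 12:00', $userAgent), PHP_EOL; // tags rendered as text
```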