NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30114)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'returnto' parameter to the fun.php file durin...