Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= is vulnerable to reflected cross site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. 🕵️‍♂️ Proof...

Code injection

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code...