CVE-2021-23836
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefssmtppsw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. Th...