Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 2024/10/26 12:32 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper filtering in the selectfiles method in the \controller\sys\Attachh.php file. An attacker can inject malicious scripts by passing unfiltered parameters and values into the param parameter. Details...

6.1CVSS5.3AI score0.00168EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2024/10/26 12:32 a.m.13 views

Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS6.5AI score0.00168EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2024/10/26 12:32 a.m.4 views

GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS6.1AI score0.00168EPSS
Exploits1References3
NVD
NVDadded 2024/10/25 10:15 p.m.12 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.1CVSS0.00168EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2024/10/25 12:0 a.m.2 views

PT-2024-33038 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: An issue was found in the selectfiles method in backendcontrollersysAttachh.php, where it directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site...

6.1CVSS5.4AI score0.00168EPSS
Exploits1References8
CNNVD
CNNVDadded 2024/10/25 12:0 a.m.1 views

FunAdmin 安全漏洞

FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in FunAdmin version 5.0.2, which stems from the selectfiles method in ackendcontrollersysAttachh.php directly depositing incoming paramete...

6.1CVSS5.8AI score0.00168EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/10/25 12:0 a.m.7 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...

6.5AI score0.00168EPSS
Exploits1References1
Rows per page
Query Builder