francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker can inject and execute arbitrary JavaScript in a user’s browser via the URL encode key in PreparePHP_SELF.php, leading to admin session hijacking or the execution of arbitrary requests using the admin’s session.
CPE

Name | Operator | Version |
---|---|---|
francoisjacquet/rosariosis | le | 6.5.1 |