Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the URL encode key in PreparePHP_SELF.php, leading to an admin session hijacking or executing arbitrary requests using the admin’s session.