francoisjacquet/rosariosis is vulnerable to cross-site scripting. The vulnerability exists because it does not escape HTML entities from URL in PreparePHP_SELF.fnc.php, allowing an attacker to inject and execute malicious script.
CPE | Name | Operator | Version |
---|---|---|---|
francoisjacquet/rosariosis | eq | v9.0 | |
francoisjacquet/rosariosis | eq | v9.0 |