francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being uploaded, which allows an attacker to execute malicious JavaScript and steal users' cookies.
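
The following is an added example, not RosarioSIS code, of an upload check that refuses SVG both by extension and by content, since an SVG file is XML that a browser will render with any script it contains. The function name `isUploadAllowed`, the constant `UPLOAD_ALLOWED_EXTENSIONS` and the extension list are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from FileUpload.fnc.php.

// Extensions the application agrees to store and serve (constructed list).
// SVG is deliberately absent: it is markup, not an inert image format.
const UPLOAD_ALLOWED_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.gif', '.pdf', '.txt'];

/**
 * Return true only if the file name carries an allowlisted extension and the
 * content does not look like SVG/XML markup stored under another extension.
 */
function isUploadAllowed(string $fileName, string $content): bool
{
    // Only the last extension counts; a missing extension yields '.'.
    $ext = strtolower('.' . pathinfo($fileName, PATHINFO_EXTENSION));
    if (!in_array($ext, UPLOAD_ALLOWED_EXTENSIONS, true)) {
        return false; // .svg, .svgz, .html and anything unlisted
    }

    // Inspect the start of the file so a renamed SVG is refused as well.
    $head = strtolower(substr($content, 0, 1024));
    if (strpos($head, '<svg') !== false || strpos($head, '<?xml') !== false) {
        return false;
    }

    return true;
}

// Constructed sample inputs.
$svg = '<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>';
$png = "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16);

$cases = [
    ['logo.svg',  $svg],         // reject: extension not allowlisted
    ['logo.png',  $svg],         // reject: SVG markup behind an image extension
    ['photo.png', $png],         // accept
    ['notes.txt', 'plain text'], // accept
];
foreach ($cases as [$name, $content]) {
    printf("%-10s %s\n", $name, isUploadAllowed($name, $content) ? 'accept' : 'reject');
}
```
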
CPE

Name | Operator | Version |
---|---|---|
francoisjacquet/rosariosis | le | v8.9.2 |