funadmin is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the JS file name, which can be maliciously constructed via the tagLoad function of the file Cx.php. This allows an attacker to inject and execute malicious JavaScript in the victim’s browser.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | funadmin/funadmin | le | v3.2.3 |