rainlab/user-plugin is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper use of form_value
which does not provide escaping of user input, allowing XSS to occur.
CPE | Name | Operator | Version |
---|---|---|---|
rainlab/user-plugin | eq | dev-master | |
rainlab/user-plugin | eq | dev-notify | |
rainlab/user-plugin | eq | dev |