| Title | Customblock in customblock.php in flusity CMS: XSS (Cross Site Scripting) exists for the place parameter |
|---|
| Description | Customblock in customblock.php in flusity CMS: XSS (Cross Site Scripting) exists for the place parameter.
Vulnerable source code:
```php
if (isset($_GET['customblock_place'])) {
    // The request parameter is copied into a JavaScript string with no validation or encoding.
    $customblock_place = $_GET['customblock_place'];
    echo "<script>loadCustomBlocCreateForm('$customblock_place');</script>";
}
```
Unfiltered parameters, which can bypass and generate XSS vulnerabilities.
|
|---|
| Source | ⚠️ https://github.com/flusity/flusity-CMS/issues/1 |
|---|
| User | zihe (UID 56943) |
|---|
| Submission | 10/23/2023 09:50 AM (2 years ago) |
|---|
| Moderation | 10/26/2023 09:19 AM (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 243599 [flusity CMS Dashboard customblock.php loadCustomBlocCreateForm customblock_place cross site scripting] |
|---|
| Points | 20 |
|---|
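
A hardened form of the snippet in the description, as an added example that is not code from the report or from the flusity project: the parameter is checked against an allow-list and then encoded as a JavaScript string literal before it is written into the `<script>` element. The helper names `jsStringLiteral` and `renderCreateFormCall` and the `PLACE_PATTERN` allow-list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a block "place" is a short identifier. This pattern is
// illustrative; use the set of places the CMS actually defines.
const PLACE_PATTERN = '/\A[A-Za-z0-9_-]{1,64}\z/';

/** Encode any string as a JavaScript string literal safe inside <script>. */
function jsStringLiteral(string $value): string
{
    // JSON_HEX_* emits < > & ' " as \uXXXX escapes, so the value can neither
    // end the string literal nor close the enclosing <script> element.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/**
 * Hypothetical helper: returns the <script> call for an accepted place, or ''
 * when the parameter is absent, not a string (?customblock_place[]=x yields
 * an array), or fails the allow-list.
 */
function renderCreateFormCall($raw): string
{
    if (!is_string($raw) || preg_match(PLACE_PATTERN, $raw) !== 1) {
        return '';
    }
    return '<script>loadCustomBlocCreateForm(' . jsStringLiteral($raw) . ');</script>';
}

// In the page: echo renderCreateFormCall($_GET['customblock_place'] ?? null);

// Constructed sample values, not taken from the report.
foreach (['head-pre-12', "it's", 'a</script>b', ['x']] as $sample) {
    $shown = is_string($sample) ? jsStringLiteral($sample) : '(array)';
    $out = renderCreateFormCall($sample);
    echo $shown, ' => ', $out === '' ? 'rejected' : $out, PHP_EOL;
}
```

The encoding step is what matches the output context here: HTML entity escaping alone is not the right tool for a value placed inside a JavaScript string within a `<script>` block.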