Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
flusity CMS posts.php loadPostAddForm cross site scripting
Vulnerability Description
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
flusity CMS 安全漏洞
Vulnerability Description
flusity CMS是一个可以轻松更改或添加代码的用户交互界面解决方案。 Flusity CMS 存在安全漏洞,该漏洞源于 core/tools/posts.php 的 loadPostAddForm 函数中的参数 menu_id 会导致跨站点脚本编写。
CVSS Information
N/A
Vulnerability Type
N/A