PHPEMS Content Section api.cls.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

PHPEMS 跨站脚本漏洞

PHPEMS是一个PHP在线模拟考试系统。 PHPEMS 7.0版本存在跨站脚本漏洞，该漏洞源于组件Content Section Handler存在跨站脚本（XSS）漏洞。

N/A

N/A