Wednesday, March 7, 2012

HTB23075: Fork CMS XSS vulnerabilities

Fork CMS version 3.2.5 suffers from cross-site scripting vulnerabilities:
Input passed via the "type" and "querystring" GET parameters to "/private/en/error", and via the "name" GET parameter to "/private/en/locale/index", is not properly sanitised before being returned to the user.

Vulnerability ID: HTB23075
Vendor Notification / Vendor Patch / Public Disclosure Dates: 15 February / 28 February / 7 March
Vulnerability Type: Cross Site Scripting (XSS)
Solution Status: Fixed by Vendor
Risk level: Medium
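
A log-review check for the parameters named above, as an added example that is not part of the original advisory: it flags requests to the two affected endpoints whose listed GET parameters decode to HTML metacharacters. The combined access-log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint -> GET parameters named in the advisory.
AFFECTED = {
    "/private/en/error": {"type", "querystring"},
    "/private/en/locale/index": {"name"},
}
# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"']")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP range, made-up values).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Mar/2012:10:00:01 +0000] "GET /private/en/error?type=not-found&querystring=%2Fprivate%2Fen%2Fblog HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Mar/2012:10:00:07 +0000] "GET /private/en/error?type=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [07/Mar/2012:10:00:09 +0000] "GET /private/en/locale/index?name=%22%3E%3Cb%3E HTTP/1.1" 200 7341',
    '203.0.113.7 - - [07/Mar/2012:10:00:12 +0000] "GET /en/search?name=%3Cb%3E HTTP/1.1" 200 901',
]


def suspicious_params(log_line):
    """Return [(path, param, decoded_value)] for affected parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = url.path.rstrip("/")
    params = AFFECTED.get(path)
    if not params:
        return []  # not one of the endpoints listed in the advisory
    hits = []
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        if key not in params:
            continue
        for value in values:
            decoded = unquote(value)  # second pass catches double-encoded values
            if MARKUP.search(decoded):
                hits.append((path, key, decoded))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, param, value in suspicious_params(line):
            print(f"{line.split()[0]} {path} {param}={value!r}")
```

A hit only means markup was sent to an affected parameter; whether it was reflected depends on whether the installation had the vendor patch applied at the time of the request.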
