Friday, January 25, 2013

HTB23137: gpEasy cross-site scripting (XSS) vulnerability

gpEasy CMS

gpEasy CMS version 3.5.2 is vulnerable to cross-site scripting (XSS) attacks against a logged-in administrator. Details of the HTB23137 cross-site scripting (XSS) vulnerability in gpEasy were disclosed this week. The vulnerability exists due to insufficient sanitisation of user-supplied data in the "section" HTTP GET parameter passed to the "index.php" script. The vulnerability is fixed: update your "include/tool/editing_page.php" script to the latest version from GitHub. Full details are available on the researcher's page.
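To check whether the "section" parameter was probed before the fix was applied, the web server access log can be reviewed. The following is an added example, not code from the advisory or from gpEasy. It assumes combined-format access logs and that a legitimate "section" value is a short alphanumeric token; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate "section" value is a short alphanumeric token.
SAFE_SECTION_RE = re.compile(r'[A-Za-z0-9_-]{0,32}')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_section_requests(log_lines):
    """Return (line_number, decoded_value) for index.php requests whose
    "section" parameter contains anything outside the safe pattern."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Also matches a path suffix after the script name (PATH_INFO style).
        if "/index.php" not in target.path.lower():
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        for raw in params.get("section", []):
            value = fully_decode(raw)
            if not SAFE_SECTION_RE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jan/2013:10:00:01 +0000] "GET /index.php?section=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Jan/2013:10:00:07 +0000] "GET /index.php?section=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [25/Jan/2013:10:00:09 +0000] "GET /index.php/Home?section=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '198.51.100.4 - - [25/Jan/2013:10:01:12 +0000] "GET /other.php?section=%3Cb%3E HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for number, value in suspicious_section_requests(SAMPLE_LOG):
        print(f"line {number}: section={value!r}")
```

A hit only shows that a request carried markup in "section"; whether it reached an administrator's session has to be judged from the referrer and timing of the surrounding requests.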
