
Description

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

PUBLISHED Reserved 2024-10-08 | Published 2024-10-25 | Updated 2024-10-28 | Assigner mitre

References

github.com/funadmin/funadmin/issues/31

cve.org (CVE-2024-48228)

nvd.nist.gov (CVE-2024-48228)
