Cross Site Scripting in Funadmin by Funadmin
CVE-2024-48228

6.1MEDIUM

Key Information:

Vendor: Funadmin
Status: Funadmin
Vendor: CVE Published:; 25 October 2024

What is CVE-2024-48228?

A vulnerability has been discovered in Funadmin version 5.0.2, wherein the selectfiles method within the Attachh.php controller improperly stores parameters and values without adequate validation. This flaw enables malicious actors to inject harmful scripts into web pages, potentially compromising user sessions and sensitive information through Cross Site Scripting (XSS) attacks. Developers and system administrators are urged to apply appropriate filters and sanitation methods to mitigate this vulnerability and secure their applications.

References

https://github.com/funadmin/funadmin/issues/31

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 8, 2024

CVE-2024-48228 Data

JSON