Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NSoftaculous Webuzo
APPSoftaculous1.01.11.21.31.41.51.61.71.81.92.02.0.12.0.22.0.32.0.4+ 6 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References
Related vulnerabilities
CVE-2024-24621CRITICAL9.8PL ✓ten sam produkt
Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła
CVE-2024-24622HIGH8.8ten sam produkt
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...
CVE-2024-24623HIGH8.8ten sam produkt
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...
CVE-2013-6041HIGH7.5ten sam produkt
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell m...
CVE-2013-6043MEDIUM5.0ten sam produkt
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentica...