JavaScript Injection in Vending Info/Buyers Info Module
Moderate
Akkarinage published GHSA-xvqv-25vf-88g4 Sep 16, 2024
Package
No package listed
Affected versions
< 1.3
Patched versions
None
Description
Summary
JavaScript injection is possible via the vendors/buyers list pages and shop names, which are currently not sanitized.
Arbitrary JavaScript code then executes in a user's browser as soon as they visit the shop pages.
Impact
All users logged in to FluxCP can have their session info stolen.
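The missing step is output encoding of the shop name when the list page is rendered. The following is an added example, not FluxCP's own code: the row layout, the function names (`h`, `render_row_unsafe`, `render_row_safe`) and the sample rows are all hypothetical, and it shows the unsanitized rendering next to a hardened one.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for a vending/buyers list query result.
// Shop titles are typed by players, so every field here is untrusted input.
$shops = [
    ['id' => 12, 'owner' => 'Alice',   'title' => 'Cheap Potions & Arrows'],
    ['id' => 13, 'owner' => 'Mallory', 'title' => '"><script>alert(1)</script>'],
];

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsanitized rendering: the stored title is interpolated straight into markup. */
function render_row_unsafe(array $shop): string
{
    return sprintf(
        '<tr><td><a href="?shop=%d" title="%s">%s</a></td><td>%s</td></tr>',
        $shop['id'], $shop['title'], $shop['title'], $shop['owner']
    );
}

/** Hardened rendering: every database-sourced string is encoded at output time. */
function render_row_safe(array $shop): string
{
    return sprintf(
        '<tr><td><a href="?shop=%d" title="%s">%s</a></td><td>%s</td></tr>',
        (int) $shop['id'], h($shop['title']), h($shop['title']), h($shop['owner'])
    );
}

foreach ($shops as $shop) {
    // A literal "<script" surviving into the page means the browser would run it.
    $unsafe = stripos(render_row_unsafe($shop), '<script') !== false;
    $safe   = stripos(render_row_safe($shop), '<script') !== false;
    printf("shop %d: unsafe markup has script tag=%s, hardened has script tag=%s\n",
        $shop['id'], var_export($unsafe, true), var_export($safe, true));
    echo render_row_safe($shop), "\n";
}
```

Encoding at output rather than stripping characters on input keeps legitimate shop names such as `Cheap Potions & Arrows` displayable while rendering markup in a name as inert text.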