CVE-2023-2477

LOW

Funadmin < 3.2.3 - XSS

Title source: rule

Description

A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.

Exploits (1)

gitee 3,230 stars
by funcmf · phpwriteup
https://gitee.com/funadmin/funadmin/issues/I6W2YL

References (3)

Scores

CVSS v3 3.5
EPSS 0.0008
EPSS Percentile 23.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
funadmin/funadmin < 3.2.3
Published May 02, 2023
Tracked Since Feb 18, 2026