CVE-2023-2477
LOWfunadmin < 3.2.3 - Cross-Site Scripting via tagLoad Function in Cx.php
Title source: llmDescription
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.
References (3)
Core 3
Core References
VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.227869
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.227869
Exploit, Issue Tracking exploit
issue-tracking
https://gitee.com/funadmin/funadmin/issues/I6W2YL
Scores
CVSS v3
3.5
EPSS
0.0020
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
funadmin/funadmin
< 3.2.3
Published
May 02, 2023
Tracked Since
Feb 18, 2026