2024-10-25 00:00:00
mitre
PUBLISHED
An issue was found in funadmin 5.0.2. The selectfiles method in backendcontrollersysAttachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).