A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.
CPE | Name | Operator | Version |
---|---|---|---|
humhub | eq | 1.2.0-beta.2 | |
humhub | eq | 0.11.1 | |
humhub | eq | 1.2.1 | |
humhub | eq | 0.10.0-rc.1 | |
humhub | eq | 1.2.3 | |
humhub | eq | 0.9.0-rc.2 | |
humhub | eq | 1.3.2 | |
humhub | eq | 0.20.0-beta.2 | |
humhub | eq | 0.9.0 | |
humhub | eq | 1.3.3 |