Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nucleus cms nucleus cms 3.31 |