Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the PreviousColorsString parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flexcms flexcms 2.5 |
||
flexcms flexcms 2.0 |