The Public tologin feature in admin.php in LvyeCMS up to and including 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.
Vulnerable Product |
---|
lvyecms project lvyecms |