A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgacl project phpgacl 3.3.7 |
||
open-emr openemr 5.0.2 |