This issue is stale because it has been open 1 year with no activity. If this is a bug, please comment to confirm it is still present on latest stable version. if this is a feature request, please comment to notify the request is still relevant and not yet covered by latest stable version. Without comment, this issue will be closed automatically by stale bot in 15 days.
Hello,
Several reflected XSS can be found in version 6.0.4.
This is because the id parameter is not properly validated in the function:
Therefore php code like
Will lead to reflected xss as it can be seen in the module 'card.php':
The same bug exists in various other modules
Cheers
The text was updated successfully, but these errors were encountered: