glFusion: reflected XSS vulnerability
CVE-2021-45843
Vendor
Description:
glFusion CMS v1.7.9 is affected by a reflected cross-site scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute that is enclosed in double quotation marks. The payload eklaq" accesskey=x onclick=alert(1)//pjq5jrwco4o was submitted in the title parameter, and this input was echoed unmodified in the application's response. Because the double quotation mark is not encoded, it closes the attribute value and the rest of the payload is parsed as additional attributes on the same tag. Example attack: an attacker emails the victim a simple lure to visit the vulnerable website, using their website for the lure.
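The attribute breakout described above, as an added example that is not glFusion's code: a hypothetical template places title in a double-quoted value attribute, rendered once unmodified and once with quote-aware encoding, and a parser-based check reports any attribute the template did not intend to emit. The input tag, the function names and the expected attribute set are assumptions; the payload is the one quoted in the description.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the advisory for the title parameter.
PAYLOAD = 'eklaq" accesskey=x onclick=alert(1)//pjq5jrwco4o'

# Attributes the hypothetical template is supposed to emit, and nothing else.
EXPECTED_ATTRS = ("type", "name", "value")


def render_vulnerable(title):
    """Hypothetical template: title copied unmodified into a double-quoted attribute."""
    return '<input type="text" name="title" value="' + title + '">'


def render_escaped(title):
    """Same template with attribute-context encoding (quote=True encodes " and ')."""
    return '<input type="text" name="title" value="' + escape(title, quote=True) + '">'


class _InputAttrs(HTMLParser):
    """Collects the attributes a browser-like parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def unexpected_attrs(markup):
    """Return attribute names present on the tag that the template never wrote."""
    return sorted(set(parsed_attrs(markup)) - set(EXPECTED_ATTRS))


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        html_out = render(PAYLOAD)
        print(render.__name__, "->", html_out)
        print("  unexpected attributes:", unexpected_attrs(html_out))
```

The same check works as a regression test after a fix: the encoded response must parse to exactly the expected attributes, with the submitted string recovered intact as the value.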
