Description
Any authenticated user can inject malicious code using the parameter contact.php?theme=inject>
resulting in a Reflected XSS vulnerability.
The flaw arises because the parameter hasn’t been properly sanitised, which might result in malicious code being injected and executed on the target’s browser.
Recommendation
- Update Mara CMS to the latest version
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.