Vulnerability
Description
Any authenticated user can inject malicious code using the parameter contact.php?theme=inject> resulting in a Reflected XSS vulnerability.
The flaw arises because the parameter hasn’t been properly sanitised, which might result in malicious code being injected and executed on the target’s browser.
Recommendation
- Update Mara CMS to the latest version
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
