FUEL-CMS icon indicating copy to clipboard operation
FUEL-CMS copied to clipboard
verified publisher icon daylightstudio

Wrong fuel_url param

Open QiAnXinCodeSafe opened this issue 7 years ago • 0 comments

https://github.com/daylightstudio/FUEL-CMS/blob/b24104b1152601e0c2f834b87c36e954e90912e8/fuel/modules/fuel/views/_blocks/module_create_edit_actions.php#L53

fuel_url's second param is $query_string, when it is true, $url contains user's query string. May cause a reflected XSS.

QiAnXinCodeSafe avatar Jun 22 '18 10:06 QiAnXinCodeSafe