DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-03-30
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
CVSS Score
4.8
EPSS Score
0.006
Published
2022-03-25
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-08