CVE-2024-48228

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-48228
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48228.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-48228
Aliases
Published
2024-10-25T22:15:02Z
Modified
2025-06-11T11:00:01.956929Z
Summary
[none]
Details

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

References

Affected packages

Git / github.com/funadmin/funadmin

Affected ranges

Type
GIT
Repo
https://github.com/funadmin/funadmin
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

v1.*

v1.02
v1.1
v1.5.0

v2.*

v2.1.0
v2.2
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.6
v2.2.9
v2.3
v2.3.1
v2.3测试版
v2.4.0
v2.4.1
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3

v3.*

v3.0
v3.0.1
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3

v5.*

v5.0.0
v5.0.1
v5.0.2