An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php
directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
{ "nvd_published_at": "2024-10-25T22:15:02Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-10-28T14:38:35Z" }