VYPR
Medium severity6.1OSV Advisory· Published Jan 10, 2018· Updated Jun 17, 2026

CVE-2017-1000428

CVE-2017-1000428

Description

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Flatcore/Flatcore CMSOSV2 versions
    RC4v1, RC4v2, ReleaseCandidate2, …+ 1 more
    • (no CPE)range: RC4v1, RC4v2, ReleaseCandidate2, …
    • (no CPE)range: =1.4.6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.