Medium severity 6.1 · OSV Advisory · Published Jan 10, 2018 · Updated Jun 17, 2026
CVE-2017-1000428
Description
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
Affected products
2 · RC4v1, RC4v2, ReleaseCandidate2, … + 1 more
- (no CPE) range: RC4v1, RC4v2, ReleaseCandidate2, …
- (no CPE) range: =1.4.6
References
- github.com/flatCore/flatCore-CMS/issues/35 · nvd · Third Party Advisory