Reflected XSS vulnerability in FluentCMS

Description:
A reflected cross-site scripting (XSS) vulnerability was identified in the admin page.
User input is not properly sanitized before being reflected in the HTTP response.

Impact:
An attacker could craft a malicious URL that executes arbitrary JavaScript in the victim’s browser.

Recommendation:
Implement proper input validation and output encoding on both frontend and backend.

Note:
Detailed reproduction steps and screenshots have been shared with the maintainer privately.

You can reproduce the vulnerability by following the steps below.

<img width="914" height="502" alt="Image" src="https://github.com/user-attachments/assets/65318aba-530e-42f2-97d7-406dd48e13e5" />

<img width="1280" height="240" alt="Image" src="https://github.com/user-attachments/assets/4e69a843-e606-431a-b34b-c2bc6d51a6df" />

<img width="712" height="525" alt="Image" src="https://github.com/user-attachments/assets/536451da-e112-4221-b44a-d5baf07b47cf" />

<img width="1280" height="240" alt="Image" src="https://github.com/user-attachments/assets/07016b76-4048-4274-8408-48fce72d9606" />

<img width="992" height="553" alt="Image" src="https://github.com/user-attachments/assets/70c9a9f9-a98f-417a-b02f-c817c872bef9" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reflected XSS vulnerability in FluentCMS #2403

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Reflected XSS vulnerability in FluentCMS #2403

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions