|
Description: | | A reflected cross-site scripting vulnerability has been reported in phpGACL. This vulnerability is due to insufficient validation of 'action' parameter. A remote attacker can exploit this vulnerability by enticing a target user into clicking a malicious link. Successful exploitation could allow attacker to perform operations under the security context of other users. |
|
Impact: | | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. |
|
Affected OS: | | Windows, Linux, Others |
|
Reference: | | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177
|
|