CVE-2022-46889

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.

xiaomlove/nexusphp
xiaomlove/nexusphp
A private tracker application base on NexusPHP
GitHubGitHub
1.17K