MEDIUM
Groovel Project
CVE published 2017-03-05
CVE-2017-6480
CVE-2017-6480 describes a reflected cross-site scripting (XSS) vulnerability in groovel/cmsgroovel before 3.3.7-beta. The issue is in commons/browser.php and involves the path parameter, allowing attacker-controlled input to be reflected into a victim’s browser. Because exploitation requires user interaction, the risk is typically highest where users can be lured into opening a crafted link or visiting a [truncated]