MEDIUM
Mangoswebv4 Project
CVE published 2017-03-05
CVE-2017-6478
CVE-2017-6478 is a reflected cross-site scripting issue in MaNGOSWebV4’s installer endpoint. The vulnerable path is install/index.php, with the step parameter identified as the injection point. NVD marks versions before 4.0.8 as affected and rates the issue Medium (CVSS 6.1).