MEDIUM
Phalconeye Project
CVE published 2017-02-12
CVE-2017-5960
CVE-2017-5960 describes a cross-site scripting issue in Phalcon Eye through version 0.4.1. The problem stems from insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to the affected frame.php endpoint, allowing script or HTML injection in the context of the vulnerable website.