MEDIUM
Reasoncms
CVE published 2017-03-05
CVE-2017-6486
CVE-2017-6486 is a cross-site scripting (XSS) vulnerability in reasoncms versions before 4.7.1. The issue is tied to insufficient filtering of user-supplied input passed to the nyroModalSel parameter on the /reasoncms-master/www/nyroModal/demoSent.php URL. Because the flaw can execute attacker-controlled HTML and JavaScript in a browser under the vulnerable site’s context, it is a client-side integrity an [truncated]