Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://github.com/beego/beego | third party advisory |
https://github.com/beego/beego/issues/4727 | issue tracking patch exploit third party advisory |