Data passed to the users array is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrators browser session in context of an affected site when the Activity Log is viewed.
cc67de8d3167145440b4ed145030b423dd22807da9517ae0f71cfb1c16061d66
Input passed to the file variable is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrators browser session in context of an affected site when the Activity Log is viewed. An example is attempting to login with an incorrect username or password. Where the username field of /login.php contains the arbitrary code.
9aa26d8519a316bcf4e01169b7db8644df7dfeb5b855c28b4f3f0a3526069f81
Input passed to the action variable is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrators browser session in context of an affected site when the Activity Log is viewed.
a6102b2fa441bfbc1fcb269869a3b548e081841bdfd6312411c60a6b99c6e401