Title: funadmin v7.1.0-rc4 Cross-Site Scripting Description: Vulnerability Type: Cross-Site Scripting (XSS) Affected File: Issue: System configuration values are rendered directly in the backend interface without proper input sanitization or output encoding. Additional Issue: Affected component also suffers from an unauthorized access issue, allowing attackers to interact with backend functionality without authentication. Impact: Successful exploitation allows the execution of arbitrary JavaScript code in the administrator's browser, potentially leading to session hijacking, privilege escalation, or full compromise of the backend system. Source: https://github.com/l4m6da/CVE/issues/4 User: l4m6da (UID 95320) Submission: Date: 02/07/2026 01:25 PM Moderation: Date: 02/20/2026 07:57 PM Status: Accepted VulDB Entry: ID: 347208 Description: [funadmin up to 7.1.0-rc4 Backend Interface index.html Value cross site scripting] Points: 20