funadmin/funadmin Security Advisories for v7.1.0-rc2 (5)
-
[LOW] funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
PKSA-rzcm-2t96-zr56 CVE-2026-2898 GHSA-gcxp-xg77-798j
Affected version: <=7.1.0-rc4
Reported by:
GitHub -
[LOW] funadmin: XSS through Value argument in Backend Interface component
PKSA-z36f-6d88-bjdd CVE-2026-2897 GHSA-rfh7-7v27-6p9r
Affected version: <=7.1.0-rc4
Reported by:
GitHub -
[MEDIUM] funadmin has Incorrect Privilege Assignment in its Configuration Handler
PKSA-dwjy-41q2-31rt CVE-2026-2896 GHSA-5m2g-4cf6-c3rg
Affected version: <=7.1.0-rc4
Reported by:
GitHub -
[LOW] funadmin has Weak Password Recovery Mechanism for Forgotten Password
PKSA-j1rx-v5j5-4zrh CVE-2026-2895 GHSA-fmr2-m7gc-577w
Affected version: <=7.1.0-rc4
Reported by:
GitHub -
[MEDIUM] funadmin exposes sensitive information via getMember function
PKSA-46y2-3dk3-ygyt CVE-2026-2894 GHSA-8hhx-xq9j-xwfj
Affected version: <=7.1.0-rc4
Reported by:
GitHub