A Cross-site scripting (XSS) vulnerability has been found the File Management plugin used by the CKEditor in glFusion. XSS enables attackers to inject client-side script into Web pages viewed by other users. The issue was found by Mohammad Sikkandar Sha.
To resolve the issue - plesae remove the following directories from your glFusion system:
You may delete all the files in the above directories and remove the directories without affecting the use of the File Manager plugin in CKEditor. These directories contain demo and test code and are not needed for normal use.
Please remove these directories as soon as possible.
- The glFusion Support Team