Submit #148908: HsycmsV3.1 cate.php $url cross site scripting
Title | HsycmsV3.1 cate.php $url cross site scripting |
---|---|
Description | Vendor Homepage: http://www.hsycms.com/download.html Version: V3.1 Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Contact us"(联系我们)-"Add content"(添加内容模块) under the Site Management page. Vulnerability recurrence: The filtering of $url is not strict in the adding method of the file \hsycms\app\hsycms\controller\Cate.php. |
Source | ⚠️ https:/ |
User | tale (ID 40171) |
Submission | 04/26/2023 03:09 (1 Year ago) |
Moderation | 04/26/2023 07:32 (4 hours later) |
Accepted | Duplicate |
VulDB Entry | VDB-222842 |