Submit #148908: HsycmsV3.1 cate.php $url cross site scripting
| Title | HsycmsV3.1 cate.php $url cross site scripting |
|---|---|
| Description | Vendor Homepage: http://www.hsycms.com/download.html Version: V3.1 Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Contact us"(联系我们)-"Add content"(添加内容模块) under the Site Management page. Vulnerability recurrence: The filtering of $url is not strict in the adding method of the file \hsycms\app\hsycms\controller\Cate.php. |
| Source | ⚠️ https:/ |
| User | tale (ID 40171) |
| Submission | 04/26/2023 03:09 (1 Year ago) |
| Moderation | 04/26/2023 07:32 (4 hours later) |
| Accepted | Duplicate |
| VulDB Entry | VDB-222842 |