Submit #511411: dayrui xunruicms 4.6.3 Stored Cross Site Scripting

Title: dayrui xunruicms 4.6.3 Stored Cross Site Scripting
Description: For detailed information, please refer to: https://github.com/dayrui/xunruicms/issues/7
Payload: <iframe src=&#x0006A&#x00061&#x00076&#x00061&#x00073&#x00063&#x00072&#x00069&#x00070&#x00074&#x0003A&#x00061&#x0006C&#x00065&#x00072&#x00074&#x00028&#x00031&#x00029>
This is different from CVE-2024-31634; <svg> cannot be used here. dayrui XunruiCMS 4.6.3 is vulnerable to a stored XSS (Cross-Site Scripting) vulnerability. This vulnerability exists in the "Website Information - Friendly Links" section, where links are displayed using <a href="link">. The system can parse Unicode encoding, and by closing the tag using Unicode encoding to bypass the restrictions, a stored XSS attack can be triggered.
Source: https://github.com/dayrui/xunruicms/issues/7
User: SecHZredo (UID 81966)
Submission: 02/28/2025 05:41 AM (5 months ago)
Moderation: 03/09/2025 08:05 AM (9 days later)
Status: Accepted
VulDB Entry: 299051 [dayrui XunRuiCMS up to 4.6.3 Friendly Links Website Address cross site scripting]
Points: 20
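
The description attributes the bypass to encoded characters that are only decoded when the stored link is rendered inside <a href="link">. The following is an added example, not code from XunRuiCMS or from the submission: a Python sketch of a link-field check that decodes character references first (including ones with no trailing semicolon), then applies a scheme allowlist and rejects characters that could close the attribute or tag. The function names and the http/https allowlist are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}          # assumed policy for a links field
BREAKOUT_CHARS = set("<>\"'`")               # could close the attribute or tag
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

def normalize_link(value, max_rounds=5):
    """Return the value as a browser would see it inside href="..."."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)       # also decodes refs with no ';'
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many nested encodings")
    value = re.sub(r"[\t\n\r]", "", value)   # URL parsers drop these
    return value.strip(C0_AND_SPACE)

def is_safe_link(value):
    """Validate the decoded form, never the raw submitted string."""
    try:
        url = normalize_link(value)
        parts = urlsplit(url)
    except ValueError:
        return False
    if BREAKOUT_CHARS & set(url):
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

def render_link(value, text):
    """Emit the anchor with the decoded URL re-escaped for the attribute."""
    if not is_safe_link(value):
        raise ValueError("rejected link")
    href = html.escape(normalize_link(value), quote=True)
    return f'<a href="{href}">{html.escape(text)}</a>'

# Constructed sample inputs; the first repeats the encoding style of the
# value in the description above.
SAMPLES = [
    "&#x0006A&#x00061&#x00076&#x00061&#x00073&#x00063&#x00072&#x00069"
    "&#x00070&#x00074&#x0003A&#x00061&#x0006C&#x00065&#x00072&#x00074"
    "&#x00028&#x00031&#x00029",
    "http://example.com/&#x22&#x3E",         # encoded quote and '>'
    "https://example.com/?a=1&amp;b=2",      # ordinary link
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_safe_link(sample), sample[:40])
```

A filter that inspects only the raw string sees no scheme and no quote in the first two samples, which is why the check has to run on the decoded value.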
