Submit #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting

Title: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
Description: When the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack.
Source: ⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
User: JTZ- (UID 59232)
Submission: 29/12/2023 03:18 AM (3 years ago)
Moderation: 29/12/2023 01:12 PM (10 hours later)
Status: Accepted
VulDB Entry: 249307 [Novel-Plus up to 4.2.0 Friendly Link FriendLinkController.java cross site scripting]
Points: 19
