| عنوان | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| الوصف | Summary
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/article_add.php script. This issue allows an attacker to inject malicious scripts into articles, potentially compromising the security of the website and its users.
Details
The vulnerability is present in the /member/article_add.php script, which does not adequately sanitize the body parameter.
It seems to filter script only as a keyword.
image
An attacker with the ability to register as a member and publish articles can exploit this flaw by injecting malicious scripts into the article content.
These scripts can be executed when other users view the compromised article. |
|---|
| المصدر | ⚠️ https://github.com/Hebing123/cve/issues/76 |
|---|
| المستخدم | jiashenghe (UID 39445) |
|---|
| ارسال | 27/11/2024 08:05 AM (2 سنوات منذ) |
|---|
| الاعتدال | 04/12/2024 05:31 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 286902 [DedeCMS 5.7.116 /member/article_add.php body البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|