| عنوان | https://github.com/otale/tale Tale Blog v2.0.5 Cross Site Scripting |
|---|
| الوصف | In the OptionsService class, the application does not properly validate or filter the `themeUrl` input. This oversight allows an attacker to inject malicious JavaScript code through URL manipulation. By crafting a malicious URL that includes executable HTML or JavaScript content, an attacker can exploit this vulnerability to perform a Cross-Site Scripting (XSS) attack. |
|---|
| المصدر | ⚠️ https://github.com/dragonkeep/cve/blob/main/Tale_Blog_xss.md |
|---|
| المستخدم | Dragonkeep (UID 62708) |
|---|
| ارسال | 21/02/2025 09:20 AM (1 سنة منذ) |
|---|
| الاعتدال | 22/02/2025 02:16 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 296561 [otale حتى 2.0.5 header.html OptionsService logo_url البرمجة عبر المواقع] |
|---|
| النقاط | 18 |
|---|