| Title | ghostxbh uzy-ssm-mall v1.0.0 Cross Site Scripting |
|---|---|
| Description | Vulnerability Description
uzy-ssm-mall v1.0.0 is vulnerable to Cross-Site Scripting (XSS) attacks. Due to the absence of an XSS filter in web.xml and the lack of input escaping mechanisms, attackers can inject malicious scripts at any input point, allowing the execution of arbitrary code in the user's browser. This vulnerability affects the entire site and may lead to severe consequences such as session hijacking and data leakage.
Vulnerability Location
web.xml
Code Audit Process
Vulnerability File Path / File Name: web.xml
Code Analysis:
The code does not utilize any XSS filters or escaping functions, such as htmlspecialchars or htmlentities.
No filtering or escaping is applied to user input at input points.
web.xml does not configure an XSS filter; only a login interception filter is configured.
POC (Proof of Concept)
Example of an input point:
http(s)://target-ip/mall/product?product_name=</title><script>alert(1)</script> |
| Source | https://wiki.shikangsi.com/post/share/3cae2847-317e-47d6-8f2a-c6fbba301d8e |
| User | XingYue_Mstir (UID 72225) |
| Submission | 02/04/2025 11:57 AM (1 year ago) |
| Moderation | 14/04/2025 12:36 AM (12 days later) |
| Status | Approved |
| VulDB Entry | 304601 [ghostxbh uzy-ssm-mall 1.0.0 /product product_name cross site scripting] |
| Points | 20 |