| Title | Seeyon Zhiyuan OA application system V8.1 SP2 DOM type XSS Cross-Site Request |
|---|
| Description | 1. Vulnerability name: Seeyon OA application system has DOM-type XSS cross-site request vulnerability
2. Vulnerability submitter and contributor: 蔡超雄 (caichaoxiong)
3. Vendor: Seeyon Zhiyuan OA
4. Affected product versions:
Seeyon Zhiyuan OA application system product version number: V8.1 SP2.
5. Vulnerability description:
In the date.htm and date.jsp of Seeyon Zhiyuan OA application system (V8 SP2), because no security measures such as input filtering and output encoding are taken, attackers can obtain URL parameters through document.location.search. The background does not filter the URL parameters, resulting in the use of the eval function, triggering a DOM-type XSS cross-site request forgery vulnerability, which can steal sensitive data such as Cookies and session tokens, and can be used in conjunction with other vulnerabilities and attack methods to penetrate, forge a legitimate identity to log in to the system, and inject malicious content (such as fake forms, phishing links) to induce users to interact twice. |
|---|
| Source | ⚠️ https://wx.mail.qq.com/s?k=-ET_wl44c0s1Drppsy |
|---|
| User | caichaoxiong (UID 84060) |
|---|
| Submission | 15/04/2025 05:44 AM (1 year ago) |
|---|
| Moderation | 26/04/2025 10:23 AM (11 days later) |
|---|
| Status | Approved |
|---|
| VulDB entry | 306335 [Seeyon Zhiyuan OA Web Application System 8.1 SP2 URL Parameter date.jsp cross-site scripting] |
|---|
| Points | 17 |
|---|