| عنوان | quequnlong shiyi-blog 1.2.1 Stored cross-site scripting |
|---|
| الوصف | There is an XSS vulnerability in shiyi-blogv1.2.1, which is caused by incorrect parameter name handling when commenting through the "/dev api/app/comment/add" interface. Hackers can exploit this vulnerability to obtain cookies, conduct phishing attacks, and worm attacks. |
|---|
| المصدر | ⚠️ https://github.com/uglory-gll/javasec/blob/main/shiyi-blog.md |
|---|
| المستخدم | uglory (UID 82151) |
|---|
| ارسال | 25/05/2025 12:34 PM (1 سنة منذ) |
|---|
| الاعتدال | 03/06/2025 07:58 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 310927 [quequnlong shiyi-blog حتى 1.2.1 /dev-api/api/comment/add content البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|