Submission #639704: givanz Vvveb 1.0.7.2 Cross Site Scripting

Title: givanz Vvveb 1.0.7.2 Cross Site Scripting
Description: A Reflected Cross-Site Scripting (XSS) vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) exists in the user login form. The email and password parameters are not sanitized before being reflected in the HTML response. This allows an attacker to inject malicious scripts by crafting a special URL, leading to credential theft via a keylogger payload. This was confirmed by exfiltrating password data to a Burp Collaborator server.
Source: https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2
User: andyp138 (UID 88373)
Submission: 22/08/2025 05:05 AM (10 months ago)
Moderation: 30/08/2025 03:47 PM (8 days later)
Status: Accepted
VulDB entry: 322017 [givanz Vvveb 1.0.7.2 login.tpl Email/Password cross site scripting]
Points: 20
