إرسال #643990: Yida Technology ECMS Consulting Enterprise Management System V1.0 Basic Cross Site Scriptingالمعلومات

عنوانYida Technology ECMS Consulting Enterprise Management System V1.0 Basic Cross Site Scripting
الوصفDuring the security review of "ECMS Consulting Enterprise Management System",I discovered a critical reflected Cross-Site Scripting (XSS) vulnerability exists in the /login.do endpoint of the OA system hosted at http://gyecms.cn. The vulnerability arises due to insufficient input sanitization of the name parameter in POST requests. Malicious actors can inject arbitrary JavaScript payloads into this parameter; when the payload is reflected back in the server’s response, it executes in the context of the victim’s browser (triggered by user interaction like mouse hover).
المصدر⚠️ https://github.com/1276486/CVE/issues/10
المستخدم
 Zre0x1c (UID 89206)
ارسال29/08/2025 11:17 AM (8 أشهر منذ)
الاعتدال13/09/2025 11:28 AM (15 days later)
الحالةتمت الموافقة
إدخال VulDB323821 [Yida ECMS Consulting Enterprise Management System 1.0 POST Request /login.do requestUrl البرمجة عبر المواقع]
النقاط20

التالي نظرة عامة السابق