| عنوان | https://github.com/rawchen/ecms?tab=readme-ov-file ecms 1.0 Stored XSS |
|---|
| الوصف | The 1.0 version of ecms/updateProductServlet interface has an XSS storage vulnerability, where attackers can pass in the product name (i.e. productName parameter) to cause the server to execute JS code, resulting in an XSS storage vulnerability.
Receiving the productName parameter in the updateProductServlet class and directly updating it to the database without verifying the incoming content, there is an XSS storage vulnerability |
|---|
| المصدر | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/%E5%AD%98%E5%82%A8%E5%9E%8BXss.md |
|---|
| المستخدم | zyhsec (UID 93418) |
|---|
| ارسال | 16/12/2025 12:19 PM (4 أشهر منذ) |
|---|
| الاعتدال | 27/12/2025 02:33 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338526 [rawchen ecms حتى b59d7feaa9094234e8aa6c8c6b290621ca575ded Add New Product Page updateProductServlet.java updateProductServlet productName البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|