| عنوان | YAFNET XSS |
|---|
| الوصف | YAFNET version:3.1.9 and 3.1.10 is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page that alters the intended functionality, potentially leading to credential disclosure in trusted sessions.
affected source code file : https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (on web page : http://your-ip.com/forum/PostPrivateMessage)
Send a private message to the victim after entering the XSS payload into the subject and message fields.
Already commit the open source owner and submlit to https://github.com/YAFNET/YAFNET/security/advisories. |
|---|
| المصدر | ⚠️ https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing |
|---|
| المستخدم | lin7lic (UID 39301) |
|---|
| ارسال | 21/01/2023 07:42 AM (3 سنوات منذ) |
|---|
| الاعتدال | 27/01/2023 07:57 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 219665 [YAFNET حتى 3.1.10 Private Message PostPrivateMessage subject/message البرمجة عبر المواقع] |
|---|
| النقاط | 15 |
|---|