| عنوان | YAFNET XSS in EditSignature Page |
|---|
| الوصف | This weakness has been reported to the author via the following URL : https://github.com/YAFNET/YAFNET/security/advisories
affected source code file : https://github.com/YAFNET/YAFNET/blob/netfx/yafsrc/YetAnotherForum.NET/Pages/Profile/EditSignature.ascx.cs (on web page : http://your-ip.com/forum/Profile/EditSignature)
Affected version: YAFNET 3.1.11
A cross-site scripting vulnerability exists. The vulnerability allows a user to embed arbitrary JavaScript code in the message field of the "Edit Signature" page and post a code with an XSS payload entered.
The signature is displayed underneath posts that the user has previously published, which can affect any user when accessing certain pages, including those who are not logged in.
It can potentially lead to credential disclosure in trusted sessions. |
|---|
| المصدر | ⚠️ https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing |
|---|
| المستخدم | lin7lic (UID 39301) |
|---|
| ارسال | 28/01/2023 04:59 PM (3 سنوات منذ) |
|---|
| الاعتدال | 02/02/2023 02:38 PM (5 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 220037 [YAFNET حتى 3.1.11 Signature البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|