| Title | Xss vulnerability exists in DedeBIZ v6.2.10 |
|---|
| Description | [Suggested description]
DedeBIZ v6.2.10 was discovered to contain css vulnerability in /admin/sys_sql_query.php.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/DedeBIZ/DedeV6
https://www.dedebiz.com/
[Affected Product Code Base]
DedeBIZ 6.2.10
[Affected Component]
admin/sys_sql_query.php
POST /admin/sys_sql_query.php HTTP/1.1
..............
dopost=query&_csrf_token=cefb8cd300e4ef8c92a9334d18640faf&querytype=2&sqlquery=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
[Attack Type]
Remote
[Vulnerability demonstration]
https://github.com/TXPH/CVE/blob/main/xss-report.pdf
[Repair suggestions]
Filter the output SQL statement content.
|
|---|
| Source | ⚠️ https://github.com/TXPH/CVE/blob/main/xss-report.pdf |
|---|
| User | TXPH (UID 50296) |
|---|
| Submission | 13.07.2023 10:10 (3 years ago) |
|---|
| Moderation | 22.07.2023 08:09 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 235188 [DedeBIZ 6.2.10 /admin/sys_sql_query.php Cross Site Scripting] |
|---|
| Points | 20 |
|---|