| Titel | automad<=1.10.9 Stored Cross-Site Scripting(XSS) |
|---|
| Beschreibung | The system Client doesn't properly sanitise POST parameter, which result into a Stored Cross-Site Scripting(XSS).
1,After installing the program, log in to the background system, modify the website title and inject attack code, and then submit
2,Visiting the home page of the website will trigger the code
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md |
|---|
| Quelle | ⚠️ https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md |
|---|
| Benutzer | webray.com.cn (UID 24778) |
|---|
| Einreichung | 29.04.2022 11:33 (vor 4 Jahren) |
|---|
| Moderieren | 29.04.2022 14:06 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 198706 [automad bis 1.10.9 Dashboard Titel Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|