| Titel | ujcms v9.7.5 stored XSS |
|---|
| Beschreibung | There is a vulnerability in the template file editing function of the ujcms_v9.7.5 backend. The embedded JavaScript is not filtered or checked. When users access files with embedded malicious code, the malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens. |
|---|
| Quelle | ⚠️ https://github.com/dromara/ujcms/issues/14 |
|---|
| Benutzer | icefoxh (UID 82165) |
|---|
| Einreichung | 10.03.2025 03:23 (vor 1 Jahr) |
|---|
| Moderieren | 18.03.2025 10:20 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 299997 [Dromara ujcms 9.7.5 Edit Template File Page WebFileTemplateController.java update Cross Site Scripting] |
|---|
| Punkte | 18 |
|---|