| Titel | atjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSS |
|---|
| Beschreibung | In the latest v6.0.0 version, the endpoint /admin/comment/list does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against administrator users. |
|---|
| Quelle | ⚠️ https://github.com/atjiu/pybbs/issues/204 |
|---|
| Benutzer | ZAST.AI (UID 87884) |
|---|
| Einreichung | 25.07.2025 03:45 (vor 11 Monaten) |
|---|
| Moderieren | 04.08.2025 15:05 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 318680 [atjiu pybbs bis 6.0.0 /admin/comment/list Benutzername Cross Site Scripting] |
|---|
| Punkte | 16 |
|---|