| Titel | roothub https://github.com/miansen/Roothub/tree/v2.6 2.6 XSS |
|---|
| Beschreibung | The source code address is:
https://github.com/miansen/Roothub/tree/v2.6
This CMS version 2.6 has a storage XSS vulnerability that can be triggered by "><img src=x onerror=alert(1)>
In java code:
src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java
There doesn't seem to be any filtering for XSS here
Please see the vulnerability reproduction process
https://github.com/wandeorfu/test |
|---|
| Quelle | ⚠️ https://github.com/wandeorfu/test |
|---|
| Benutzer | wanderofu (UID 87839) |
|---|
| Einreichung | 25.07.2025 10:52 (vor 9 Monaten) |
|---|
| Moderieren | 26.07.2025 15:18 (1 day later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 317779 [Roothub bis 2.6 SystemConfigAdminController.java edit Cross Site Scripting] |
|---|
| Punkte | 0 |
|---|