Submit #648548: https://gitee.com/pojoin/h3blog h3blog 1.0 Stored Cross-Site Scripting Attackinfo

Titelhttps://gitee.com/pojoin/h3blog h3blog 1.0 Stored Cross-Site Scripting Attack
BeschreibungIn H3blog version 1.0, the `/login` endpoint was vulnerable to JavaScript code injection via a forged `X-Forwarded-For` header. An attacker could craft a malicious login request containing harmful JavaScript code. This code would then execute when an administrator views the operation logs, potentially leading to the theft of sensitive information such as cookies.
Quelle⚠️ https://github.com/hhhh333/CVE/blob/main/xss.md
Benutzer
 hhhha (UID 89875)
Einreichung05.09.2025 11:05 (vor 9 Monaten)
Moderieren15.09.2025 16:04 (10 days later)
StatusAkzeptiert
VulDB Eintrag323919 [pojoin h3blog bis 5bf704425ebc11f4c24da51f32f36bb17ae20489 HTTP Header /login ppt_log X-Forwarded-For Cross Site Scripting]
Punkte18

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!