| Title | xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting |
|---|---|
| Description | The /sits/uploadImage.do endpoint allows the uploading of XML files by default. Stored XSS can be achieved by uploading a malicious XML file. In the uploadImage function, the file extension is validated via the isAllowUpload function. The isAllowUpload function allows the uploading of XML files by default. |
| Source | ⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Upload2StoredXSS.md |
| User | yuccun (UID 93614) |
| Submission | 21.12.2025 09:39 (4 months ago) |
| Moderation | 01.01.2026 10:52 (11 days later) |
| Status | Accepted |
| VulDB Entry | 339336 [xnx3 wangmarket up to 6.4 XML File /sits/uploadImage.do uploadImage image privilege escalation] |
| Points | 18 |