| Titel | xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting |
|---|
| Beschreibung | The /siteVar/save.do endpoint is vulnerable to XSS. After logging in with the credentials wangzhan/wangzhan, injecting an XSS payload into the 'Remark' or 'Variable Value' fields during the 'Add Global Variable' operation and saving it results in Stored XSS upon subsequent access. |
|---|
| Quelle | ⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Stored_Cross-Site_Scripting.md |
|---|
| Benutzer | yuccun (UID 93614) |
|---|
| Einreichung | 21.12.2025 10:30 (vor 4 Monaten) |
|---|
| Moderieren | 01.01.2026 10:52 (11 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 339337 [xnx3 wangmarket bis 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|