Submit #747404: cym1102 nginxWebUI 4.3.7 Cross Site Scriptinginfo

Titelcym1102 nginxWebUI 4.3.7 Cross Site Scripting
BeschreibungA reflected Cross-Site Scripting (XSS) vulnerability exists in the web management interface of cym1102 nginxWebUI, version 4.3.7. The vulnerability occurs in the “Validate Configuration” function (/adminPage/conf/check). Due to a lack of proper HTML encoding or filtration for user input in the nginxDir parameter, malicious scripts injected by an attacker are directly rendered and executed in the context of the victim's browser session. This could allow an authenticated attacker to steal session cookies or perform other client-side attacks.
Quelle⚠️ https://github.com/cym1102/nginxWebUI/issues/203
Benutzer
 Anonymous User
Einreichung27.01.2026 13:54 (vor 3 Monaten)
Moderieren07.02.2026 08:47 (11 days later)
StatusAkzeptiert
VulDB Eintrag344847 [cym1102 nginxWebUI bis 4.3.7 Web Management Interface /adminPage/conf/check nginxDir Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!