Submit #780716: 勾股开源 gougucms v4.08.18 Stored XSSinfo

Titel勾股开源 gougucms v4.08.18 Stored XSS
BeschreibungVulnerability Name: Cross-Site Scripting (Stored) Link of project: https://gitee.com/gouguopen/gougucms Description: Blind Cross-Site Scripting (Blind XSS) in GouguCMS v4.08.18 allows a low-privileged user to steal administrative session cookies or perform unauthorized administrative actions by injecting a malicious payload into the record endpoint. The payload is stored in the database and executed when an administrator views the activity logs or records in the backend dashboard.
Quelle⚠️ https://thinhneee.github.io/posts/gougu-blind-xss/
Benutzer
 thinhnee (UID 96296)
Einreichung16.03.2026 09:37 (vor 23 Tagen)
Moderieren31.03.2026 18:01 (15 days later)
StatusAkzeptiert
VulDB Eintrag354430 [gougucms 4.08.18 Record Endpoint record.html value.content Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!