| Title | HsycmsV3.1 cate.php cross site scripting |
|---|---|
| Description | Vendor Homepage: http://www.hsycms.com/download.html<br>Version: V3.1<br>Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Download Center" (下载中心) - "Category Management" (分类管理) - "Add Category Module" (添加分类模块) under the Site Management page.<br>Vulnerability recurrence: The filtering of `$title` is not strict in the adding method of the file `\hsycms\app\hsycms\controller\Cate.php`. |
| Source | https://github.com/yztale/hsycms/blob/main/README.md |
| User | tale (UID 40171) |
| Submission | 09.03.2023 09:04 (3 years ago) |
| Moderation | 11.03.2023 09:05 (2 days later) |
| Status | Accepted |
| VulDB entry | 222842 [Hsycms 3.1 Add Category controller\cate.php title Cross Site Scripting] |
| Points | 20 |