Enviar #148363: UCMS1.6 saddpost.php cross site scriptinginformación

TítuloUCMS1.6 saddpost.php cross site scripting
DescripciónUCMS1.6 saddpost.php cross site scripting Vendor Homepage: http://uuu.la/ UCMS 1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip Version: V 1.6.0 Vulnerability description: UCMS 1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Column configuration"(栏目配置)-"Variable name module"(变量名模块) under the Site Management page. Vulnerability recurrence: The filtering of `$strorder` is not strict in the adding method of the file `\ucms_1.6\ucms\sadmin\saddpost`
Fuente⚠️ https://github.com/yztale/UCMS1.6/blob/main/README.md
Usuario
 tale (UID 40171)
Sumisión2023-04-25 08:51 (hace 3 años)
Moderación2023-04-26 07:26 (23 hours later)
EstadoAceptado
Entrada de VulDB227481 [UCMS 1.6.0 Column Configuration saddpost.php strorder secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!