Enviar #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scriptinginformación

Títulonovel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
DescripciónWhen the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack
Fuente⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
Usuario
 JTZ- (UID 59232)
Sumisión2023-12-29 03:18 (hace 3 años)
Moderación2023-12-29 13:12 (10 hours later)
EstadoAceptado
Entrada de VulDB249307 [Novel-Plus hasta 4.2.0 Friendly Link FriendLinkController.java secuencias de comandos en sitios cruzados]
Puntos19

Do you want to use VulDB in your project?

Use the official API to access entries easily!