Enviar #32889: DolphinPHP<=1.5.0 Authenticated Stored Cross-Site Scripting(XSS)información

TítuloDolphinPHP<=1.5.0 Authenticated Stored Cross-Site Scripting(XSS)
DescripciónDescription The system Client doesn't properly sanitise POST parameter, which result into a Stored Cross-Site Scripting(XSS). Vendor Homepage https://dolphinphp.com/ https://github.com/caiweiming/DolphinPHP Author [email protected] inc Proof of Concept 1,After the system installation is completed, log in to the background blockchain blockchain blockchain 2,Insert a danger code where the nickname is modified in the personal settings <script>alert(1);</script>超级管理员 3,Click "user" - > "permission management" - > "user management" to execute the code
Fuente⚠️ https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md
Usuario
 webray.com.cn (UID 24778)
Sumisión2022-03-17 09:16 (hace 4 años)
Moderación2022-03-17 11:26 (2 hours later)
EstadoAceptado
Entrada de VulDB195368 [DolphinPHP hasta 1.5.0 User Management Page secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!