Enviar #504937: https://github.com/otale/tale Tale Blog v2.0.5 Cross Site Scriptinginformación

Títulohttps://github.com/otale/tale Tale Blog v2.0.5 Cross Site Scripting
DescripciónIn the OptionsService class, the application does not properly validate or filter the `themeUrl` input. This oversight allows an attacker to inject malicious JavaScript code through URL manipulation. By crafting a malicious URL that includes executable HTML or JavaScript content, an attacker can exploit this vulnerability to perform a Cross-Site Scripting (XSS) attack.
Fuente⚠️ https://github.com/dragonkeep/cve/blob/main/Tale_Blog_xss.md
Usuario
 Dragonkeep (UID 62708)
Sumisión2025-02-21 09:20 (hace 1 Año)
Moderación2025-02-22 14:16 (1 day later)
EstadoAceptado
Entrada de VulDB296561 [otale hasta 2.0.5 header.html OptionsService logo_url secuencias de comandos en sitios cruzados]
Puntos18

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!