Enviar #549261: ghostxbh uzy-ssm-mall v1.0.0 Cross Site Scriptinginformación

Títuloghostxbh uzy-ssm-mall v1.0.0 Cross Site Scripting
DescripciónVulnerability Description uzy-ssm-mall v1.0.0 is vulnerable to Cross-Site Scripting (XSS) attacks. Due to the absence of an XSS filter in web.xml and the lack of input escaping mechanisms, attackers can inject malicious scripts at any input point, allowing the execution of arbitrary code in the user's browser. This vulnerability affects the entire site and may lead to severe consequences such as session hijacking and data leakage. Vulnerability Location web.xml Code Audit Process Vulnerability File Path / File Name: web.xml Code Analysis: The code does not utilize any XSS filters or escaping functions, such as htmlspecialchars or htmlentities. No filtering or escaping is applied to user input at input points. web.xml does not configure an XSS filter; only a login interception filter is configured. POC (Proof of Concept) Example of an input point: http(s)://target-ip/mall/product?product_name=</title><script>alert(1)</script>
Fuente⚠️ https://wiki.shikangsi.com/post/share/3cae2847-317e-47d6-8f2a-c6fbba301d8e
Usuario
 XingYue_Mstir (UID 72225)
Sumisión2025-04-02 11:57 (hace 1 Año)
Moderación2025-04-14 00:36 (12 days later)
EstadoAceptado
Entrada de VulDB304601 [ghostxbh uzy-ssm-mall 1.0.0 /product product_name secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!