Enviar #658064: https://gitee.com/westboy/CicadasCMS/branches CicadasCMS 1.0 Incomplete Denylist to Cross-Site Scriptinginformación

Títulohttps://gitee.com/westboy/CicadasCMS/branches CicadasCMS 1.0 Incomplete Denylist to Cross-Site Scripting
DescripciónA Stored Cross-Site Scripting (XSS) vulnerability exists in CicadasCMS v1.0 that causes the system to adequately filter and escape user-entered data before it is stored on the server. An attacker can persistently store malicious code on the server by submitting maliciously constructed script content (in the new section). When other users visit a page containing this malicious content, the script will be executed in their browser, potentially leading to risks such as session hijacking, leakage of sensitive information (such as stealing cookies), malicious operation simulation, or tampering with page content
Fuente⚠️ https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS2.md
Usuario
 xmttz (UID 89920)
Sumisión2025-09-18 15:40 (hace 7 meses)
Moderación2025-09-26 14:10 (8 days later)
EstadoAceptado
Entrada de VulDB326107 [westboy CicadasCMS 1.0 save categoryName secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!