| Título | https://github.com/xnx3/wangmarket wangmarket 4.9 Improper Neutralization of Alternate XSS Syntax |
|---|
| Descripción | The /admin/system/variableSave.do interface in Warehouse version 4.9 has a stored XSS cross-site scripting vulnerability. Attackers can inject malicious JavaScript code into the system variables through this interface. This code is persistently stored in the database. When administrators or other users access the system variable list page, the malicious code will automatically execute in the victim's browser, thereby stealing cookies, hijacking sessions, or conducting other malicious operations. |
|---|
| Fuente | ⚠️ https://www.yuque.com/cocount-eveo/lu0220/eg6s9gropfwtoz9w?singleDoc#%20%E3%80%8AStored%20Cross-Site%20Scripting%E3%80%8B |
|---|
| Usuario | eveo (UID 93828) |
|---|
| Sumisión | 2025-12-26 09:42 (hace 4 meses) |
|---|
| Moderación | 2026-01-04 09:47 (9 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 339484 [xnx3 wangmarket hasta 4.9 System Variables Page variableSave.do Descripción secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|