Enviar #79467: YAFNET XSS in EditSignature Pageinformación

TítuloYAFNET XSS in EditSignature Page
DescripciónThis weakness has been reported to the author via the following URL : https://github.com/YAFNET/YAFNET/security/advisories affected source code file : https://github.com/YAFNET/YAFNET/blob/netfx/yafsrc/YetAnotherForum.NET/Pages/Profile/EditSignature.ascx.cs (on web page : http://your-ip.com/forum/Profile/EditSignature) Affected version: YAFNET 3.1.11 A cross-site scripting vulnerability exists. The vulnerability allows a user to embed arbitrary JavaScript code in the message field of the "Edit Signature" page and post a code with an XSS payload entered. The signature is displayed underneath posts that the user has previously published, which can affect any user when accessing certain pages, including those who are not logged in. It can potentially lead to credential disclosure in trusted sessions.
Fuente⚠️ https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing
Usuario
 lin7lic (UID 39301)
Sumisión2023-01-28 16:59 (hace 3 años)
Moderación2023-02-02 14:38 (5 days later)
EstadoAceptado
Entrada de VulDB220037 [YAFNET hasta 3.1.11 Signature secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!