Title | HsycmsV3.1 cate.php $url cross site scripting |
---|
Description | Vendor Homepage: http://www.hsycms.com/download.html
Version: V3.1
Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Contact us"(联系我们)-"Add content"(添加内容模块) under the Site Management page.
Vulnerability recurrence: The filtering of $url is not strict in the adding method of the file \hsycms\app\hsycms\controller\Cate.php. |
---|
Source | ⚠️ https://github.com/yztale/hsycms/blob/main/README.md |
---|
User | tale (ID 40171) |
---|
Submission | 26/04/2023 03:09 (1 Year ago) |
---|
Moderation | 26/04/2023 07:32 (4 hours later) |
---|
Status | Duplicate |
---|
VulDB Entry | 222842 |
---|