| Titre | https://github.com/rawchen/ecms?tab=readme-ov-file ecms 1.0 Stored XSS |
|---|
| Description | The 1.0 version of ecms/updateProductServlet interface has an XSS storage vulnerability, where attackers can pass in the product name (i.e. productName parameter) to cause the server to execute JS code, resulting in an XSS storage vulnerability.
Receiving the productName parameter in the updateProductServlet class and directly updating it to the database without verifying the incoming content, there is an XSS storage vulnerability |
|---|
| La source | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/%E5%AD%98%E5%82%A8%E5%9E%8BXss.md |
|---|
| Utilisateur | zyhsec (UID 93418) |
|---|
| Soumission | 16/12/2025 12:19 (il y a 4 mois) |
|---|
| Modérer | 27/12/2025 14:33 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 338526 [rawchen ecms Add New Product Page updateProductServlet.java updateProductServlet productName cross site scripting] |
|---|
| Points | 20 |
|---|