wangmarket <=v6.4 Cross Site Scriptinginformation

Titre	xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting
Description	The /siteVar/save.do endpoint is vulnerable to XSS. After logging in with the credentials wangzhan/wangzhan, injecting an XSS payload into the 'Remark' or 'Variable Value' fields during the 'Add Global Variable' operation and saving it results in Stored XSS upon subsequent access.
La source	⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Stored_Cross-Site_Scripting.md
Utilisateur	yuccun (UID 93614)
Soumission	21/12/2025 10:30 (il y a 4 mois)
Modérer	01/01/2026 10:52 (11 days later)
Statut	Accepté
Entrée VulDB	339337 [xnx3 wangmarket jusqu’à 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting]
Points	17

Do you know our Splunk app?

Download it now for free!