जमा करें #517267: ujcms v9.7.5 stored XSSजानकारी

शीर्षकujcms v9.7.5 stored XSS
विवरणThere is a vulnerability in the ZIP upload function of the ujcms_v9.7.5 backend. The content of HTML and PDF files in the uploaded ZIP compressed package is not filtered or checked. When users view maliciously crafted HTML or PDF files, the embedded malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens.
स्रोत⚠️ https://github.com/dromara/ujcms/issues/12
उपयोगकर्ता
 icefoxh (UID 82165)
सबमिशन10/03/2025 03:21 AM (1 वर्ष पहले)
संयम18/03/2025 10:19 AM (8 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि299996 [Dromara ujcms 9.7.5 File Upload WebFileUploadController.java uploadZip/upload क्रॉस साइट स्क्रिप्टिंग]
अंक19

पिछलासिंहावलोकनअगला

Might our Artificial Intelligence support you?

Check our Alexa App!