| शीर्षक | 零起飞 07FlyCRM ≤1.2.9 Cross Site Scripting |
|---|
| विवरण | An unchecked title parameter in 07FlyCRM ([https://gitee.com/07fly/FLY-CRM/](https://github.com/rachelos/we-mp-rss/)) system extension module allows authenticated users to perform Stored Cross-Site Scripting (XSS) with payload as `"><img src=1 onerror=alert(1)>` |
|---|
| स्रोत | ⚠️ https://www.notion.so/07FlyCRM-Stored-Cross-Site-Scripting-XSS-in-SysModule-module-303ea92a3c4180d3a9a8e9f6c3d2915a?v=2ffea92a3c418057a8b7000c66564aa1 |
|---|
| उपयोगकर्ता | din4 (UID 50867) |
|---|
| सबमिशन | 10/02/2026 10:03 AM (2 महीनों पहले) |
|---|
| संयम | 22/02/2026 08:34 AM (12 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347332 [07FLYCMS/07FLY-CMS/07FlyCRM तक 1.2.9 System Extension edit.html शीर्षक क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 15 |
|---|