जमा करें #779180: elecV2P <=3.8.3 Reflected XSSजानकारी

शीर्षकelecV2P <=3.8.3 Reflected XSS
विवरणThe /logs endpoint reflects the filename parameter directly into HTML output via res.write(... ${log} ...) without escaping. An attacker can inject arbitrary HTML/JavaScript through the filename value, executing in any visitor's browser. No authentication required.
स्रोत⚠️ https://github.com/elecV2/elecV2P/issues/201
उपयोगकर्ता
 ZAST.AI (UID 87884)
सबमिशन13/03/2026 05:30 AM (4 महीनों पहले)
संयम27/03/2026 03:12 PM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि353900 [elecV2 elecV2P तक 3.8.3 Endpoint /logs filename क्रॉस साइट स्क्रिप्टिंग]
अंक18

Do you know our Splunk app?

Download it now for free!