| शीर्षक | kerwincui FastBee ≤ 1.2.1 Improper Neutralization of Alternate XSS Syntax |
|---|
| विवरण | FastBee contains a stored XSS vulnerability in the system notice feature. The noticeContent field is accepted by the backend and stored in the database without HTML sanitization. When users open the homepage notice detail dialog, the frontend renders the stored notice content through v-html, causing attacker-controlled JavaScript to execute in the victim's browser. |
|---|
| स्रोत | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/Iu5Dd558UoS4uIxhH9YcgNsWnjc?from=from_copylink |
|---|
| उपयोगकर्ता | xcxr (UID 86629) |
|---|
| सबमिशन | 09/04/2026 04:50 AM (2 महीनों पहले) |
|---|
| संयम | 02/05/2026 10:35 AM (23 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360830 [kerwincui FastBee तक 1.2.1 System Notice SysNoticeController.java add noticeContent क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 18 |
|---|