Submit #212372: beescms4.0 has storage xss

Title: beescms4.0 has storage xss
Description: beescms4.0 has storage xss. An attacker can use this vulnerability to implant cross-site-script files and obtain sensitive information such as user cookies. Storage XSS is also known as persistent XSS. In storage XSS, the XSS code is stored on the server side, so a Web application that allows users to store data on the server side may have this type of XSS vulnerability. After the attacker submits a piece of XSS code, the server receives and stores it. When other users visit the page containing the XSS code, the XSS code is parsed and executed by the browser. One of the characteristics of a storage XSS attack is that the submitted malicious content will be permanently stored, so a single piece of malicious code will harm multiple users; this is why it is called persistent XSS, and it is also the most harmful type of cross-site scripting attack. Second, the stored malicious content submitted by users may not be used by pages right away, so the dangerous response information may not be returned immediately, and attacks may only be triggered when visiting pages that are not directly related in time and space, so there is uncertainty and better concealment. A typical scenario for this kind of attack is message boards, blogs and forums. When a malicious user posts a message with malicious JavaScript code on a forum page, the forum will save the user's message content in a database or file and display it as part of the page content. When other users view the message of the malicious user, the malicious code submitted by the malicious user will be parsed and executed in the user's browser.
Source: https://github.com/zhenjiaqi/CVE/issues/1
User: jiaqi (UID 55186)
Submission: 24/09/2023 05:37 (3 years ago)
Moderation: 29/09/2023 11:58 (5 days later)
Status: Accepted
VulDB Entry: 240915 [BEECMS 4.0 admin_content_tag.php?action=save_content giorno cross site scripting]
Points: 20
