Invia #373282: ThinkSAAS 3.7.0 Cross Site Scriptinginformazioni

TitoloThinkSAAS 3.7.0 Cross Site Scripting
DescrizioneThe ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp are not properly filtered for malicious code in app/system/action/do.php. An attacker can exploit this issue by injecting malicious payloads into these parameters, leading to the execution of arbitrary JavaScript code in the context of the user's browser.
Fonte⚠️ https://github.com/thinksaas/ThinkSAAS/issues/36
Utente
 jiashenghe (UID 39445)
Sottomissione12/07/2024 09:00 (2 anni fa)
Moderazione20/07/2024 11:45 (8 days later)
StatoAccettato
Voce VulDB272063 [ThinkSAAS 3.7.0 app/system/action/do.php cross site scripting]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!