| Titolo | atjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSS |
|---|
| Descrizione | In the latest v6.0.0 version, the endpoint /admin/sensitive_word/list does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against administrator users. |
|---|
| Fonte | ⚠️ https://github.com/atjiu/pybbs/issues/206 |
|---|
| Utente | ZAST.AI (UID 87884) |
|---|
| Sottomissione | 25/07/2025 03:46 (11 mesi fa) |
|---|
| Moderazione | 04/08/2025 15:05 (10 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 318682 [atjiu pybbs fino a 6.0.0 list word cross site scripting] |
|---|
| Punti | 18 |
|---|