Invia #622198: atjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSSinformazioni

Titoloatjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSS
DescrizioneIn the latest v6.0.0 version, the endpoint /admin/user/list does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against administrator users.
Fonte⚠️ https://github.com/atjiu/pybbs/issues/207
Utente
 ZAST.AI (UID 87884)
Sottomissione25/07/2025 03:47 (11 mesi fa)
Moderazione04/08/2025 15:05 (10 days later)
StatoAccettato
Voce VulDB318683 [atjiu pybbs fino a 6.0.0 /admin/user/list Nome utente cross site scripting]
Punti16

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!