Submit #648548: https://gitee.com/pojoin/h3blog h3blog 1.0 Stored Cross-Site Scripting Attack

Title: https://gitee.com/pojoin/h3blog h3blog 1.0 Stored Cross-Site Scripting Attack
Description: In H3blog version 1.0, the `/login` endpoint was vulnerable to JavaScript code injection via a forged `X-Forwarded-For` header. An attacker could craft a malicious login request containing harmful JavaScript code. This code would then execute when an administrator views the operation logs, potentially leading to the theft of sensitive information such as cookies.
Source: ⚠️ https://github.com/hhhh333/CVE/blob/main/xss.md
User: hhhha (UID 89875)
Submission: 05/09/2025 11:05 (9 months ago)
Moderation: 15/09/2025 16:04 (10 days later)
Status: Accepted
VulDB Entry: 323919 [pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489 HTTP Header /login ppt_log X-Forwarded-For cross site scripting]
Points: 18
