Submission #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting (info)

Title: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
Description: When the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack.
Source: ⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
User: JTZ- (UID 59232)
Submission: 2023-12-29 03:18 (3 years ago)
Moderation: 2023-12-29 13:12 (10 hours later)
Status: Accepted
VulDB Entry: 249307 [Novel-Plus up to 4.2.0 Friendly Link FriendLinkController.java cross-site scripting]
Points: 19
