提出 #75175: YAFNET XSS情報

タイトルYAFNET XSS
説明YAFNET version:3.1.9 and 3.1.10 is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page that alters the intended functionality, potentially leading to credential disclosure in trusted sessions. affected source code file : https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (on web page : http://your-ip.com/forum/PostPrivateMessage) Send a private message to the victim after entering the XSS payload into the subject and message fields. Already commit the open source owner and submlit to https://github.com/YAFNET/YAFNET/security/advisories.
ソース⚠️ https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing
ユーザー
 lin7lic (UID 39301)
送信2023年01月21日 07:42 (3 年 ago)
モデレーション2023年01月27日 19:57 (7 days later)
ステータス承諾済み
VulDBエントリ219665 [YAFNET 迄 3.1.10 Private Message PostPrivateMessage subject/message クロスサイトスクリプティング]
ポイント15

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!