Submission #79467: YAFNET XSS in EditSignature Page
Info

Title: YAFNET XSS in EditSignature Page
Description: This weakness has been reported to the author via the following URL: https://github.com/YAFNET/YAFNET/security/advisories
Affected source code file: https://github.com/YAFNET/YAFNET/blob/netfx/yafsrc/YetAnotherForum.NET/Pages/Profile/EditSignature.ascx.cs (on web page: http://your-ip.com/forum/Profile/EditSignature)
Affected version: YAFNET 3.1.11
A cross-site scripting vulnerability exists. The vulnerability allows a user to embed arbitrary JavaScript code in the message field of the "Edit Signature" page and post a code with an XSS payload entered. The signature is displayed underneath posts that the user has previously published, which can affect any user when accessing certain pages, including those who are not logged in. It can potentially lead to credential disclosure in trusted sessions.
Source: https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing
User: lin7lic (UID 39301)
Submitted: 2023-01-28 16:59 (3 years ago)
Moderation: 2023-02-02 14:38 (5 days later)
Status: Accepted
VulDB Entry: 220037 [YAFNET up to 3.1.11 Signature cross-site scripting]
Points: 20
