| 제목 | UCMS1.6 saddpost.php cross site scripting |
|---|
| 설명 | UCMS1.6 saddpost.php cross site scripting
Vendor Homepage: http://uuu.la/
UCMS 1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip
Version: V 1.6.0
Vulnerability description: UCMS 1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Column configuration"(栏目配置)-"Variable name module"(变量名模块) under the Site Management page.
Vulnerability recurrence: The filtering of `$strorder` is not strict in the adding method of the file `\ucms_1.6\ucms\sadmin\saddpost` |
|---|
| 원천 | ⚠️ https://github.com/yztale/UCMS1.6/blob/main/README.md |
|---|
| 사용자 | tale (UID 40171) |
|---|
| 제출 | 2023. 04. 25. AM 08:51 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 26. AM 07:26 (23 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 227481 [UCMS 1.6.0 Column Configuration saddpost.php strorder 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|