| 제목 | novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting |
|---|
| 설명 | There is a stored XSS vulnerability in novel_front. When modifying the user name, although verification is done to limit the content of the user name, there is no verification or insufficient verification in the background, allowing attackers to modify the uploaded content through packet capture. This results in a stored XSS vulnerability,
At the same time, because the administrator did not perform verification when viewing the user list in the background, the malicious JS submitted by the attacker will be executed in the background. |
|---|
| 원천 | ⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS/en-us.md |
|---|
| 사용자 | JTZ- (UID 59232) |
|---|
| 제출 | 2023. 12. 28. AM 11:17 (2 연령 ago) |
|---|
| 모더레이션 | 2023. 12. 28. PM 09:29 (10 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 249201 [Novel-Plus 까지 4.2.0 HTTP POST Request /user/updateUserInfo nickName 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|