| Title | novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting |
|---|---|
| Description | When the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack. |
| Source | https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md |
| User | JTZ- (UID 59232) |
| Submission | 2023. 12. 29. AM 03:18 (3 years ago) |
| Moderation | 2023. 12. 29. PM 01:12 (10 hours later) |
| Status | Accepted |
| VulDB Entry | 249307 [Novel-Plus up to 4.2.0 Friendly Link FriendLinkController.java cross site scripting] |
| Points | 19 |