제출 #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting정보

제목novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
설명When the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack
원천⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
사용자
 JTZ- (UID 59232)
제출2023. 12. 29. AM 03:18 (3 연령 ago)
모더레이션2023. 12. 29. PM 01:12 (10 hours later)
상태수락
VulDB 항목249307 [Novel-Plus 까지 4.2.0 Friendly Link FriendLinkController.java 크로스 사이트 스크립팅]
포인트들19

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!