| 제목 | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| 설명 | Summary
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/article_add.php script. This issue allows an attacker to inject malicious scripts into articles, potentially compromising the security of the website and its users.
Details
The vulnerability is present in the /member/article_add.php script, which does not adequately sanitize the body parameter.
It seems to filter script only as a keyword.
image
An attacker with the ability to register as a member and publish articles can exploit this flaw by injecting malicious scripts into the article content.
These scripts can be executed when other users view the compromised article. |
|---|
| 원천 | ⚠️ https://github.com/Hebing123/cve/issues/76 |
|---|
| 사용자 | jiashenghe (UID 39445) |
|---|
| 제출 | 2024. 11. 27. AM 08:05 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 12. 04. PM 05:31 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 286902 [DedeCMS 5.7.116 /member/article_add.php body 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|