| Field | Value |
|---|---|
| Title | 北京珑大钜商科技有限公司 DBShop V3.3 Release 231225 Cross-Site Scripting (XSS) |
| Description | **Summary**<br>A reflected XSS (Cross-Site Scripting) vulnerability has been discovered in DBShop商城系统 V 3.3 Release 231225. The vulnerability allows the execution of arbitrary HTML/JavaScript code, potentially resulting in the theft of sensitive user information.<br>**Details**<br>The vulnerability is located in My Orders in the User Center. `$orderStatus` is echoed directly on the page without filtering.<br>**Proof of Concept (POC)**<br>`http(s)://your-ip/home-order?orderStatus=%22%3E%3Csvg%20onload=alert(5888)%3E` |
| Source | https://github.com/Hebing123/cve/issues/31 |
| User | jiashenghe (UID 39445) |
| Submission | 2024-12-16 07:57 AM (2 years ago) |
| Moderation | 2024-12-27 09:49 AM (11 days later) |
| Status | Accepted |
| VulDB Entry | 289384 [Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225 /home-order orderStatus cross-site scripting] |
| Points | 20 |