| 제목 | Question2Answer Question2Answer Plugin 1.4.6 Cross Site Scripting |
|---|
| 설명 | An XSS vulnerability that also allows account theft just by clicking on the Plugin notification, it is a very famous plugin, being listed even on Question2Answer's recommended page, it was estimated at about ~20 thousand users, I reported it to the developer, he recognized it and fixed it
https://github.com/q2apro/q2apro-on-site-notifications/issues/43
https://github.com/q2apro/q2apro-on-site-notifications/commit/0ca85ca02f8aceb661e9b71fd229c45d388ea5b5 |
|---|
| 원천 | ⚠️ https://github.com/q2apro/q2apro-on-site-notifications/issues/43 |
|---|
| 사용자 | Canguru (UID 84603) |
|---|
| 제출 | 2025. 04. 24. AM 10:12 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 05. 05. PM 07:21 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 307479 [q2apro q2apro-on-site-notifications 까지 1.4.6 q2apro-onsitenotifications-page.php process_request 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|