| 제목 | Gitee jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 Basic Cross Site Scripting |
|---|
| 설명 | 蛋糕商城JPA版 is vulnerable to the reflected cross-site scripting (XSS) vulnerability. The backend system uses the /goods_search API to receive the keyword parameter from the frontend for content search. A code trace reveals that the input is not properly filtered, and the global filters also lack harmful payload detection for the incoming parameters. Moreover, the processed content is returned to the browser without proper output encoding or escaping. This eventually results in a reflected XSS vulnerability. |
|---|
| 원천 | ⚠️ https://github.com/Bemcliu/cve-reports/blob/main/cve-04-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Reflected%20XSS/readme.md |
|---|
| 사용자 | HJAQiang (UID 86075) |
|---|
| 제출 | 2025. 07. 24. AM 10:24 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 26. AM 11:36 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 317809 [jerryshensjf JPACookieShop 蛋糕商城JPA版 까지 24a15c02b4f75042c9f7f615a3fed2ec1cefb999 GoodsCustController.java goodsSearch keyword 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|