| 제목 | givanz Vvveb 1.0.7.2 Cross Site Scripting |
|---|
| 설명 | A Reflected Cross-Site Scripting (XSS) vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) exists in the user login form. The email and password parameters are not sanitized before being reflected in the HTML response. This allows an attacker to inject malicious scripts by crafting a special URL, leading to credential theft via a keylogger payload. This was confirmed by exfiltrating password data to a Burp Collaborator server. |
|---|
| 원천 | ⚠️ https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2 |
|---|
| 사용자 | andyp138 (UID 88373) |
|---|
| 제출 | 2025. 08. 22. AM 05:05 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 08. 30. PM 03:47 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 322017 [givanz Vvveb 1.0.7.2 login.tpl Email/Password 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|