| 제목 | OpenWGA OpenWGA Admin Client 7.11.12 (Build 737) Cross Site Scripting |
|---|
| 설명 | The OpenWGA Admin Client persists untrusted input in multiple administrator-facing fields without consistent, context-safe output encoding. When these values are later rendered in the Admin UI, stored JavaScript executes in the victim's browser. Impacted views include pages where saved names, titles, descriptions or other metadata are listed or previewed. This allows an attacker with low privileges to run arbitrary script in the context of a higher-privileged user's session. |
|---|
| 원천 | ⚠️ https://github.com/mikecole-mg/security_findings/blob/main/openwga/openwga-xss.md |
|---|
| 사용자 | mikecole-mg (UID 89343) |
|---|
| 제출 | 2025. 10. 13. AM 12:55 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 26. AM 06:29 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329922 [OpenWGA 7.11.12 Build 737 Admin UI 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|