| 제목 | cym1102 nginxWebUI 4.3.7 Cross Site Scripting |
|---|
| 설명 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the web management interface of cym1102 nginxWebUI, version 4.3.7. The vulnerability occurs in the “Validate Configuration” function (/adminPage/conf/check). Due to a lack of proper HTML encoding or filtration for user input in the nginxDir parameter, malicious scripts injected by an attacker are directly rendered and executed in the context of the victim's browser session. This could allow an authenticated attacker to steal session cookies or perform other client-side attacks. |
|---|
| 원천 | ⚠️ https://github.com/cym1102/nginxWebUI/issues/203 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2026. 01. 27. PM 01:54 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 07. AM 08:47 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344847 [cym1102 nginxWebUI 까지 4.3.7 Web Management Interface /adminPage/conf/check nginxDir 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|