| 제목 | atjiu pybbs 6.0.0 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | pybbs application contains a stored XSS vulnerability in the RICH content mode for comments. When the system is configured to use RICH (rich text) mode instead of Markdown mode, user-submitted HTML content is stored directly in the database and rendered without sanitization on the frontend, allowing authenticated attackers to inject malicious JavaScript code that executes when other users view the comment. |
|---|
| 원천 | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/PN3YdPBpsowyU1xTV1VcVTm9nzg?from=from_copylink |
|---|
| 사용자 | xcxr (UID 86629) |
|---|
| 제출 | 2026. 03. 06. AM 07:43 (1 월 ago) |
|---|
| 모더레이션 | 2026. 03. 20. AM 09:38 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352021 [atjiu pybbs 6.0.0 CommentApiController.java create 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 19 |
|---|