| 제목 | MuuCmf https://gitee.com/dameng100/muucmf 1.9.5.20260309 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | 1/ Description:
Reflected Cross-Site Scripting (XSS) in MuuCmf T6 v1.9.5.20260309 allows a remote attacker to execute arbitrary JavaScript code in the context of the user's browser session via the search parameter to the /admin/Member/index.html endpoint.
CVSS score: 8.8 (High)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2/Technical details:
- Vulnerable Endpoint: /admin/Member/index.html
- Vulnerable Parameter: search
3/ POC:
Step 1: Inject the XSS payload to this URL: http://victim.com/admin/Member/index.html?search=<payload_here>
Step 2: Delivery the URL with XSS payload to admin
Step 3: The XSS payload will execute and can steal admin cookie.
|
|---|
| 원천 | ⚠️ https://thinhneee.github.io/posts/muucmf-xss/ |
|---|
| 사용자 | thinhnee (UID 96296) |
|---|
| 제출 | 2026. 03. 10. AM 09:28 (27 날 ago) |
|---|
| 모더레이션 | 2026. 03. 25. PM 03:51 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353150 [dameng100 muucmf 1.9.5.20260309 /admin/Member/index.html 검색 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|