| 제목 | Guangzhou Qibo Network Technology Co., Ltd. Qibo CMS (x1_of_cms) X1.0 XSS |
|---|
| 설명 | The internal message (friend message) module of Qibo CMS (x1_of_cms) has a defect of insufficient input validation. When the backend system receives and stores the private message content sent by users, it does not perform effective security filtering and HTML entity escaping on the input data. Attackers can exploit this vulnerability to construct a malicious payload containing JavaScript code and send it to other users (including administrators) in the system. When the victim views the internal message on the front-end page, the malicious script will be parsed and executed by the browser. |
|---|
| 원천 | ⚠️ https://tcn60zf28jhk.feishu.cn/wiki/FHHMwcwCliOd0Bke3XkcEz3Enuc?from=from_copylink |
|---|
| 사용자 | EthX0_ (UID 96627) |
|---|
| 제출 | 2026. 03. 31. AM 08:21 (25 날 ago) |
|---|
| 모더레이션 | 2026. 04. 20. AM 07:38 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358282 [Qibo CMS 1.0 Internal Message 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|