| 제목 | LinkStackOrg LinkStack 4.8.6 Improper Neutralization of Alternate XSS Syntax |
|---|
| 설명 | The product does not neutralize, or incorrectly neutralizes, user-controlled input for alternate script syntax. This applies because the app blocks <script> tags via strip_tags(), but fails to neutralize alternate XSS vectors such as event handler attributes (onmouseover, onclick, etc.) on otherwise allowed tags. I have already submitted a pull request to fix the issue. https://github.com/LinkStackOrg/LinkStack/pull/974 |
|---|
| 원천 | ⚠️ https://github.com/az10b/security-advisories/blob/main/stored_xss_linkstack.md |
|---|
| 사용자 | AliAz (UID 74624) |
|---|
| 제출 | 2026. 04. 10. AM 06:07 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 30. PM 04:38 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 360311 [LinkStackOrg LinkStack 까지 4.8.6 UserController.php editPage pageDescription 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|