Submeter #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scriptinginformação

Títulonovel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
DescriçãoWhen the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack
Fonte⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
Utilizador
 JTZ- (UID 59232)
Submissão29/12/2023 03h18 (há 3 anos)
Moderação29/12/2023 13h12 (10 hours later)
EstadoAceite
Entrada VulDB249307 [Novel-Plus até 4.2.0 Friendly Link FriendLinkController.java Script de Site Cruzado]
Pontos19

Do you know our Splunk app?

Download it now for free!