| Title | DolphinPHP <= 1.5.0 Authenticated Stored Cross-Site Scripting (XSS) |
|---|
| Description | Description
The system client doesn't properly sanitise a POST parameter, which results in Stored Cross-Site Scripting (XSS).
Vendor Homepage
https://dolphinphp.com/
https://github.com/caiweiming/DolphinPHP
Author
[email protected] inc
Proof of Concept
1. After the system installation is completed, log in to the background
2. Insert dangerous code where the nickname is modified in the personal settings
<script>alert(1);</script>超级管理员
3. Click "user" -> "permission management" -> "user management" to execute the code |
|---|
| Source | ⚠️ https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md |
|---|
| User | webray.com.cn (UID 24778) |
|---|
| Submission | 17/03/2022 09h16 (4 years ago) |
|---|
| Moderation | 17/03/2022 11h26 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 195368 [DolphinPHP up to 1.5.0 User Management Page Cross-Site Scripting] |
|---|
| Points | 20 |
|---|