Submeter #75175: YAFNET XSSinformação

TítuloYAFNET XSS
DescriçãoYAFNET version:3.1.9 and 3.1.10 is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page that alters the intended functionality, potentially leading to credential disclosure in trusted sessions. affected source code file : https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (on web page : http://your-ip.com/forum/PostPrivateMessage) Send a private message to the victim after entering the XSS payload into the subject and message fields. Already commit the open source owner and submlit to https://github.com/YAFNET/YAFNET/security/advisories.
Fonte⚠️ https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing
Utilizador
 lin7lic (UID 39301)
Submissão21/01/2023 07h42 (há 3 anos)
Moderação27/01/2023 19h57 (7 days later)
EstadoAceite
Entrada VulDB219665 [YAFNET até 3.1.10 Private Message PostPrivateMessage subject/message Script de Site Cruzado]
Pontos15

Do you need the next level of professionalism?

Upgrade your account now!