| Título | kerwincui FastBee ≤ 1.2.1 Improper Neutralization of Alternate XSS Syntax |
|---|
| Descrição | FastBee contains a stored XSS vulnerability in the system notice feature. The noticeContent field is accepted by the backend and stored in the database without HTML sanitization. When users open the homepage notice detail dialog, the frontend renders the stored notice content through v-html, causing attacker-controlled JavaScript to execute in the victim's browser. |
|---|
| Fonte | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/Iu5Dd558UoS4uIxhH9YcgNsWnjc?from=from_copylink |
|---|
| Utilizador | xcxr (UID 86629) |
|---|
| Submissão | 09/04/2026 04h50 (há 2 meses) |
|---|
| Moderação | 02/05/2026 10h35 (23 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 360830 [kerwincui FastBee até 1.2.1 System Notice SysNoticeController.java add noticeContent Script de Site Cruzado] |
|---|
| Pontos | 18 |
|---|