| Название | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| Описание | Summary
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/article_add.php script. This issue allows an attacker to inject malicious scripts into articles, potentially compromising the security of the website and its users.
Details
The vulnerability is present in the /member/article_add.php script, which does not adequately sanitize the body parameter.
It seems to filter script only as a keyword.
image
An attacker with the ability to register as a member and publish articles can exploit this flaw by injecting malicious scripts into the article content.
These scripts can be executed when other users view the compromised article. |
|---|
| Источник | ⚠️ https://github.com/Hebing123/cve/issues/76 |
|---|
| Пользователь | jiashenghe (UID 39445) |
|---|
| Представление | 27.11.2024 08:05 (2 лет назад) |
|---|
| Модерация | 04.12.2024 17:31 (7 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 286902 [DedeCMS 5.7.116 /member/article_add.php body межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|