| Название | ujcms v9.7.5 stored XSS |
|---|
| Описание | There is a vulnerability in the file upload function of the ujcms_v9.7.5 backend. The content of uploaded HTML and PDF files is not filtered or checked. When users view maliciously crafted HTML or PDF files, the embedded malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens. |
|---|
| Источник | ⚠️ https://github.com/dromara/ujcms/issues/13 |
|---|
| Пользователь | icefoxh (UID 82165) |
|---|
| Представление | 10.03.2025 03:22 (1 Год назад) |
|---|
| Модерация | 18.03.2025 10:20 (8 days later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 299996 [Dromara ujcms 9.7.5 File Upload WebFileUploadController.java uploadZip/upload межсайтовый скриптинг] |
|---|
| Баллы | 0 |
|---|