| Название | xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting |
|---|
| Описание | The /siteVar/save.do endpoint is vulnerable to XSS. After logging in with the credentials wangzhan/wangzhan, injecting an XSS payload into the 'Remark' or 'Variable Value' fields during the 'Add Global Variable' operation and saving it results in Stored XSS upon subsequent access. |
|---|
| Источник | ⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Stored_Cross-Site_Scripting.md |
|---|
| Пользователь | yuccun (UID 93614) |
|---|
| Представление | 21.12.2025 10:30 (4 месяцы назад) |
|---|
| Модерация | 01.01.2026 10:52 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339337 [xnx3 wangmarket до 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value межсайтовый скриптинг] |
|---|
| Баллы | 17 |
|---|