| Название | https://github.com/xnx3/wangmarket wangmarket 4.9 Improper Neutralization of Alternate XSS Syntax |
|---|
| Описание | The /admin/system/variableSave.do interface in Warehouse version 4.9 has a stored XSS cross-site scripting vulnerability. Attackers can inject malicious JavaScript code into the system variables through this interface. This code is persistently stored in the database. When administrators or other users access the system variable list page, the malicious code will automatically execute in the victim's browser, thereby stealing cookies, hijacking sessions, or conducting other malicious operations. |
|---|
| Источник | ⚠️ https://www.yuque.com/cocount-eveo/lu0220/eg6s9gropfwtoz9w?singleDoc#%20%E3%80%8AStored%20Cross-Site%20Scripting%E3%80%8B |
|---|
| Пользователь | eveo (UID 93828) |
|---|
| Представление | 26.12.2025 09:42 (4 месяцы назад) |
|---|
| Модерация | 04.01.2026 09:47 (9 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339484 [xnx3 wangmarket до 4.9 System Variables Page variableSave.do Описание межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|