| Title | kerwincui FastBee ≤ 1.2.1 Improper Neutralization of Alternate XSS Syntax |
|---|---|
| Description | FastBee contains a stored XSS vulnerability in the system notice feature. The noticeContent field is accepted by the backend and stored in the database without HTML sanitization. When users open the homepage notice detail dialog, the frontend renders the stored notice content through v-html, causing attacker-controlled JavaScript to execute in the victim's browser. |
| Source | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/Iu5Dd558UoS4uIxhH9YcgNsWnjc?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 09.04.2026 04:50 (2 months ago) |
| Moderation | 02.05.2026 10:35 (23 days later) |
| Status | accepted |
| VulDB entry | 360830 [kerwincui FastBee up to 1.2.1 System Notice SysNoticeController.java add noticeContent cross-site scripting] |
| Points | 18 |