| Title | IceCMS IceCMS v 2.0.1 Long-lasting Cross Site Scripting |
|---|---|
| Description | IceCMS is a content management system built on Spring Boot and Vue with a separated front end and back end. IceCMS v2.0.1 has a long-lasting (stored) cross-site scripting vulnerability in the user comments at http://localhost:9528/planet, which can lead to: (1) Stealing administrator accounts or cookies. The intruder can impersonate the administrator to log in to the backend, giving the intruder the ability to maliciously manipulate the backend data, including reading, changing, adding, and deleting some information. (2) Stealing the user's personal information or logging in to the user's account, which poses a huge threat to the security of the website's users, for example by impersonating a user to perform various actions. (3) Website trojans. The malicious code is first embedded into the web application; when a user browses the trojaned page, a Trojan is implanted on the user's computer. (4) Sending advertisements or spam. Attackers can exploit XSS vulnerabilities to implant advertisements or send spam messages, seriously affecting users' normal use. |
| Source | ⚠️ http://x.x.x.x/ |
| User | zero121 (UID 59411) |
| Submission | 12/01/2023 09:36 (3 years ago) |
| Moderation | 12/01/2023 17:39 (8 hours later) |
| Status | Accepted |
| VulDB entry | 246616 [Thecosy IceCMS 2.0.1 User Comment /planet cross site scripting] |
| Points | 17 |