Submit #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scriptinginfo

Titlenovel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
DescriptionWhen the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack
Source⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
User
 JTZ- (UID 59232)
Submission12/29/2023 03:18 (3 years ago)
Moderation12/29/2023 13:12 (10 hours later)
StatusAccepted
VulDB entry249307 [Novel-Plus up to 4.2.0 Friendly Link FriendLinkController.java cross site scripting]
Points19

Might our Artificial Intelligence support you?

Check our Alexa App!