| Title | codeprojects human resource management 1.0.1 Storage XSS |
|---|---|
| Description | A stored XSS vulnerability exists in the \handler\recruitment.go file of pbrong/hrms HRms-1.0.1. It is a stored XSS vulnerability caused by XSS code not being filtered when recruitment information is modified. Analysis: in the code related to 'recruitment', the data is first retrieved and then passed to 'UpdateRecruitmentById' and so on; no XSS filtering is performed along the way, which results in a stored XSS vulnerability. Go to the recruitment management function. |
| Source | https://github.com/38279/1/issues/2 |
| User | hnsjwaxxjsyxgs (UID 75599) |
| Submission | 03/10/2025 09:45 (1 Year ago) |
| Moderation | 03/21/2025 07:38 (11 days later) |
| Status | Accepted |
| VulDB entry | 300570 [code-projects Human Resource Management System 1.0.1 \handler\recruitment.go UpdateRecruitmentById c cross site scripting] |
| Points | 20 |