Submit #622196: atjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSSinfo

Titleatjiu https://github.com/atjiu/pybbs <=6.0.0 Reflected XSS
DescriptionIn the latest v6.0.0 version, the endpoint/admin/tag/list does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against administrator users.
Source⚠️ https://github.com/atjiu/pybbs/issues/205
User
 ZAST.AI (UID 87884)
Submission07/25/2025 03:46 (11 months ago)
Moderation08/04/2025 15:05 (10 days later)
StatusAccepted
VulDB entry318681 [atjiu pybbs up to 6.0.0 /admin/tag/list Name cross site scripting]
Points16

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!