| Title | roothub2.6 2.6 XSS |
|---|
| Description | This CMS version 2.6 has a storage XSS vulnerability that can be triggered by "><img src=x onerror=alert(1)>
In java code:
src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java
There doesn't seem to be any filtering for XSS here |
|---|
| Source | ⚠️ https://github.com/wandeorfu/test |
|---|
| User | wanderofu (UID 87839) |
|---|
| Submission | 07/25/2025 05:46 (9 months ago) |
|---|
| Moderation | 07/25/2025 21:01 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317779 [Roothub up to 2.6 SystemConfigAdminController.java edit cross site scripting] |
|---|
| Points | 15 |
|---|