Submit #643990: Yida Technology ECMS Consulting Enterprise Management System V1.0 Basic Cross Site Scriptinginfo

TitleYida Technology ECMS Consulting Enterprise Management System V1.0 Basic Cross Site Scripting
DescriptionDuring the security review of "ECMS Consulting Enterprise Management System",I discovered a critical reflected Cross-Site Scripting (XSS) vulnerability exists in the /login.do endpoint of the OA system hosted at http://gyecms.cn. The vulnerability arises due to insufficient input sanitization of the name parameter in POST requests. Malicious actors can inject arbitrary JavaScript payloads into this parameter; when the payload is reflected back in the server’s response, it executes in the context of the victim’s browser (triggered by user interaction like mouse hover).
Source⚠️ https://github.com/1276486/CVE/issues/10
User
 Zre0x1c (UID 89206)
Submission08/29/2025 11:17 (8 months ago)
Moderation09/13/2025 11:28 (15 days later)
StatusAccepted
VulDB entry323821 [Yida ECMS Consulting Enterprise Management System 1.0 POST Request /login.do requestUrl cross site scripting]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!