| Title | 大漠急速开发 DMadmin Based on ThinkPhp 3.23 development version xss |
|---|
| Description | In the backend system settings, you can directly insert XSS POCs into any parameter input box. Submitted special characters will not be escaped or commented out and will be written to the database, leading to stored XSS. |
|---|
| Source | ⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE-2025-2-2.md |
|---|
| User | Dee.Mirage (UID 71702) |
|---|
| Submission | 12/05/2025 09:50 (6 months ago) |
|---|
| Moderation | 12/15/2025 16:01 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336467 [vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1 Backend AddonsController.class.php add cross site scripting] |
|---|
| Points | 17 |
|---|