| Title | xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting |
|---|
| Description | The /siteVar/save.do endpoint is vulnerable to XSS. After logging in with the credentials wangzhan/wangzhan, injecting an XSS payload into the 'Remark' or 'Variable Value' fields during the 'Add Global Variable' operation and saving it results in Stored XSS upon subsequent access. |
|---|
| Source | ⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Stored_Cross-Site_Scripting.md |
|---|
| User | yuccun (UID 93614) |
|---|
| Submission | 12/21/2025 10:30 (4 months ago) |
|---|
| Moderation | 01/01/2026 10:52 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 339337 [xnx3 wangmarket up to 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting] |
|---|
| Points | 17 |
|---|