| Title | forest forest <= 0.0.5 Improper Neutralization of Alternate XSS Syntax |
|---|---|
| Description | Forest <= 0.0.5 contains a stored XSS vulnerability due to insufficient input validation in the XssUtils.replaceHtmlCode() method, allowing authenticated attackers to inject malicious JavaScript code through article content, comments, and portfolio descriptions. |
| Source | https://fx4tqqfvdw4.feishu.cn/docx/CvYzdxDNDoXWdKxvaehcvb1rnQK?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 02/10/2026 04:36 (2 months ago) |
| Moderation | 02/21/2026 18:42 (12 days later) |
| Status | Accepted |
| VulDB entry | 347316 [rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting] |
| Points | 18 |