Submit #800724: kerwincui FastBee ≤ 1.2.1 Improper Neutralization of Alternate XSS Syntaxinfo

Titlekerwincui FastBee ≤ 1.2.1 Improper Neutralization of Alternate XSS Syntax
DescriptionFastBee contains a stored XSS vulnerability in the system notice feature. The noticeContent field is accepted by the backend and stored in the database without HTML sanitization. When users open the homepage notice detail dialog, the frontend renders the stored notice content through v-html, causing attacker-controlled JavaScript to execute in the victim's browser.
Source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/Iu5Dd558UoS4uIxhH9YcgNsWnjc?from=from_copylink
User
 xcxr (UID 86629)
Submission04/09/2026 04:50 (3 months ago)
Moderation05/02/2026 10:35 (23 days later)
StatusAccepted
VulDB entry360830 [kerwincui FastBee up to 1.2.1 System Notice SysNoticeController.java add noticeContent cross site scripting]
Points18

Do you want to use VulDB in your project?

Use the official API to access entries easily!