| Title | HsycmsV3.1 cate.php cross site scripting |
|---|
| Description | Vendor Homepage: http://www.hsycms.com/download.html
Version: V3.1
Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Download Center"(下载中心)-"Category Management"(分类管理)-"Add Category Module"(添加分类模块) under the Site Management page.
Vulnerability recurrence: The filtering of $title is not strict in the adding method of the file \hsycms\app\hsycms\controller\Cate.php.
|
|---|
| Source | ⚠️ https://github.com/yztale/hsycms/blob/main/README.md |
|---|
| User | tale (UID 40171) |
|---|
| Submission | 03/09/2023 09:04 (3 years ago) |
|---|
| Moderation | 03/11/2023 09:05 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222842 [Hsycms 3.1 Add Category controller\cate.php Title cross site scripting] |
|---|
| Points | 20 |
|---|