| tiêu đề | Dedebiz v6.2.10 exists XSS injection |
|---|
| Mô tả | Dedebiz v6.2.10 has a stored XSS injection vulnerability.
Conditions of use:
1. The administrator has enabled the members feature (this is a basic feature that needs to be enabled)
2. Register as a member and pass the email verification
This user can first publish an article containing normal information and then modify the article in the document management. By editing articles in source mode, special payloads can be used to bypass the system's xss filter, allowing malicious code injection and the introduction of a malicious js file from a remote host.
After the administrator previews the article or approves the article, the malicious code will be automatically executed in the browser. |
|---|
| Nguồn | ⚠️ https://github.com/Wkingxc/CVE/blob/master/dedebiz_XSS.pdf |
|---|
| Người dùng | funnn7 (UID 50471) |
|---|
| Đệ trình | 27/07/2023 06:31 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 04/08/2023 23:11 (9 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 236186 [DedeBIZ 6.2.10 Article Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|