Gửi #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scriptingthông tin

tiêu đềnovel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
Mô tảWhen the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack
Nguồn⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
Người dùng
 JTZ- (UID 59232)
Đệ trình29/12/2023 03:18 (cách đây 3 những năm)
Kiểm duyệt29/12/2023 13:12 (10 hours later)
Trạng tháiđược chấp nhận
Mục VulDB249307 [Novel-Plus đến 4.2.0 Friendly Link FriendLinkController.java Tập lệnh chéo trang]
điểm19

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!