Gửi #721078: xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scriptingthông tin

tiêu đềxnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting
Mô tảThe /sits/uploadImage.do endpoint allows the uploading of XML files by default. Stored XSS can be achieved by uploading a malicious XML file. In the uploadImage function, the file extension is validated via the isAllowUpload function. The isAllowUpload function allows the uploading of XML files by default.
Nguồn⚠️ https://github.com/yuccun/CVE/blob/main/wangmarket-Upload2StoredXSS.md
Người dùng
 yuccun (UID 93614)
Đệ trình21/12/2025 09:39 (cách đây 4 các tháng)
Kiểm duyệt01/01/2026 10:52 (11 days later)
Trạng tháiđược chấp nhận
Mục VulDB339336 [xnx3 wangmarket đến 6.4 XML File /sits/uploadImage.do uploadImage image nâng cao đặc quyền]
điểm18

TrướcTổng QuanTiếp theo

Want to know what is going to be exploited?

We predict KEV entries!