| tiêu đề | https://github.com/xnx3/wangmarket wangmarket 4.9 Improper Neutralization of Alternate XSS Syntax |
|---|
| Mô tả | A reflective cross-site scripting (XSS) vulnerability was discovered in the Wangmarket 4.9 version. This vulnerability is located in the /admin/system/variableList.do interface, which is used to manage system-level variables. Due to the application's failure to properly clean or neutralize the user input included in the HTTP request, attackers can construct a URL containing a malicious JavaScript payload. When the victim is tricked into clicking this malicious link, the payload will be sent to the server along with the request. The server then immediately reflects the malicious script in the HTTP response and executes it in the victim's browser. |
|---|
| Nguồn | ⚠️ https://www.yuque.com/cocount-eveo/lu0220/flbu025pfmwgudmg?singleDoc#%20%E3%80%8AXSS%20Cross-Site%20Scripting%20Attack%E3%80%8B |
|---|
| Người dùng | eveo (UID 93828) |
|---|
| Đệ trình | 26/12/2025 09:57 (cách đây 4 các tháng) |
|---|
| Kiểm duyệt | 04/01/2026 09:47 (9 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 339485 [xnx3 wangmarket đến 4.9 Backend Variable Search variableList.do variableList Mô tả Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|