Gửi #75175: YAFNET XSSthông tin

tiêu đềYAFNET XSS
Mô tảYAFNET version:3.1.9 and 3.1.10 is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page that alters the intended functionality, potentially leading to credential disclosure in trusted sessions. affected source code file : https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (on web page : http://your-ip.com/forum/PostPrivateMessage) Send a private message to the victim after entering the XSS payload into the subject and message fields. Already commit the open source owner and submlit to https://github.com/YAFNET/YAFNET/security/advisories.
Nguồn⚠️ https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing
Người dùng
 lin7lic (UID 39301)
Đệ trình21/01/2023 07:42 (cách đây 3 những năm)
Kiểm duyệt27/01/2023 19:57 (7 days later)
Trạng tháiđược chấp nhận
Mục VulDB219665 [YAFNET đến 3.1.10 Private Message PostPrivateMessage subject/message Tập lệnh chéo trang]
điểm15

Want to stay up to date on a daily basis?

Enable the mail alert feature now!