Submission #259585: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting (Information)

Title: novel-plus novel-plus <=v4.2.0 Stored Cross-Site Scripting
Description: When the user logs in to the backend of novel-plus as an administrator, the administrator can modify the friendly links when the friendly links are displayed, but the backend does not verify and filter this part of the content, so XSS can be successfully inserted here. Malicious users maliciously access the administrator's backend, then modify the content of the friendly link, and use the event function of the a tag to attack.
Source: ⚠️ https://github.com/JTZ-a/SRC/blob/master/novel-plus/storedXSS2/en-us.md
User: JTZ- (UID 59232)
Submission: 2023-12-29 03:18 (3 years ago)
Moderation: 2023-12-29 13:12 (10 hours later)
Status: Accepted
VulDB Entry: 249307 [Novel-Plus up to 4.2.0 Friendly Link FriendLinkController.java cross-site scripting]
Points: 19
