| 标题 | ruifang-tech Rebuild 3.8.5 Stored Cross Site Scripting |
|---|
| 描述 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Rebuild 3.8.5 through the project task comment attachment upload functionality. Attackers can upload a crafted SVG file containing malicious JavaScript. When a victim views the uploaded SVG, the embedded script is executed in the victim's browser. |
|---|
| 来源 | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskCommentAttachments.md |
|---|
| 用户 | vastzero (UID 78767) |
|---|
| 提交 | 2024-12-07 13時38分 (2 年前) |
|---|
| 管理 | 2024-12-16 09時47分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 288534 [ruifang-tech Rebuild 3.8.5 Task Comment Attachment Upload 跨网站脚本] |
|---|
| 积分 | 17 |
|---|