提交 #497603: iteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery信息

标题iteachyou Dreamer CMS 4.1.3 Server-Side Request Forgery
描述A Server-Side Request Forgery (SSRF) vulnerability exists in the iframe embedding functionality in the article editor (编辑文章) of Dreamer CMS 4.1.3. This vulnerability arises because the application allows authenticated backend users to embed iframes with arbitrary src values using the article editor (编辑文章). An authenticated attacker can exploit this functionality to force the server to make unauthorized requests to external targets, potentially exposing sensitive information or enabling further attacks.
来源⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/dreamercms/ServerSideRequestForgery-ArticleEditorIframe.md
用户
 vastzero (UID 78767)
提交2025-02-10 17時10分 (1 年前)
管理2025-02-21 11時38分 (11 days later)
状态重复
VulDB条目296494 [iteachyou Dreamer CMS 4.1.3 /admin/archives/edit editorValue/answer/content 跨网站脚本]
积分0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!