| 标题 | ujcms v9.7.5 stored XSS |
|---|
| 描述 | There is a vulnerability in the ZIP upload function of the ujcms_v9.7.5 backend. The content of HTML and PDF files in the uploaded ZIP compressed package is not filtered or checked. When users view maliciously crafted HTML or PDF files, the embedded malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens. |
|---|
| 来源 | ⚠️ https://github.com/dromara/ujcms/issues/12 |
|---|
| 用户 | icefoxh (UID 82165) |
|---|
| 提交 | 2025-03-10 03時21分 (1 年前) |
|---|
| 管理 | 2025-03-18 10時19分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 299996 [Dromara ujcms 9.7.5 File Upload WebFileUploadController.java uploadZip/upload 跨网站脚本] |
|---|
| 积分 | 19 |
|---|