| 标题 | ujcms v9.7.5 stored XSS |
|---|
| 描述 | There is a vulnerability in the template file editing function of the ujcms_v9.7.5 backend. The embedded JavaScript is not filtered or checked. When users access files with embedded malicious code, the malicious JavaScript code will be triggered, which may lead to the theft of sensitive tokens. |
|---|
| 来源 | ⚠️ https://github.com/dromara/ujcms/issues/14 |
|---|
| 用户 | icefoxh (UID 82165) |
|---|
| 提交 | 2025-03-10 03時23分 (1 年前) |
|---|
| 管理 | 2025-03-18 10時20分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 299997 [Dromara ujcms 9.7.5 Edit Template File Page WebFileTemplateController.java update 跨网站脚本] |
|---|
| 积分 | 18 |
|---|