Submission #641127: mrvautin https://github.com/mrvautin/expressCart <=1.0.0 Frame Injection (Info)

Title: mrvautin https://github.com/mrvautin/expressCart <=1.0.0 Frame Injection
Description: User-controlled img src allows loading untrusted frames, enabling internal service probe & info gathering, content manipulation within trusted contexts.
Source: ⚠️ https://github.com/mrvautin/expressCart/issues/288
User: ZAST.AI (UID 87884)
Submitted: 2025-08-25 12:43 (9 months ago)
Moderated: 2025-09-01 13:45 (7 days later)
Status: Accepted
VulDB entry: 322112 [mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0 Edit Product Page /admin/product/edit/ privilege escalation]
Points: 15