| 标题 | xiweicheng TMS v2.28.0 Cross Site Scripting |
|---|
| 描述 | TMS v2.28.0 /admin/blog/comment/create interface Cross-Site Scripting (XSS) vulnerability
In TMS System version v2.28.0, the `/admin/blog/comment/create` endpoint does not apply entity encoding to user-supplied input, leading to a Cross-Site Scripting (XSS) vulnerability.
https://github.com/ha1yu-Yiqiyin/warehouse/blob/main/TMS_v2.28.0_XSS-1.md |
|---|
| 来源 | ⚠️ https://github.com/ha1yu-Yiqiyin/warehouse/blob/main/TMS_v2.28.0_XSS-1.md |
|---|
| 用户 | red0_ha1yu (UID 61457) |
|---|
| 提交 | 2025-12-07 13時25分 (6 月前) |
|---|
| 管理 | 2025-12-16 21時57分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 336939 [xiweicheng TMS 直到 2.28.0 create createComment content 跨网站脚本] |
|---|
| 积分 | 19 |
|---|