提交 #709002: postmanlabs httpbin <=0.6.1 XSS
| 标题 | postmanlabs httpbin <=0.6.1 XSS |
|---|---|
| 描述 | In the latest version (v0.6.1) of HTTPBIN, the endpoint /base64 does not encode user-controllable parameters when outputting them on the current page, resulting in Reflected XSS. This allows attackers to launch XSS attacks against users. |
| 来源 | ⚠️ https:/ |
| 用户 | ZAST.AI (UID 87884) |
| 提交 | 2025-12-08 09時02分 (5 月前) |
| 管理 | 2025-12-25 13時56分 (17 days later) |
| 状态 | 已接受 |
| VulDB条目 | 338424 [postmanlabs httpbin 直到 0.6.1 core.py 跨网站脚本] |
| 积分 | 16 |