提交 #99644: HsycmsV3.1 cate.php cross site scripting信息

标题HsycmsV3.1 cate.php cross site scripting
描述Vendor Homepage: http://www.hsycms.com/download.html Version: V3.1 Vulnerability description: Hsycms V3.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the "Download Center"(下载中心)-"Category Management"(分类管理)-"Add Category Module"(添加分类模块) under the Site Management page. Vulnerability recurrence: The filtering of $title is not strict in the adding method of the file \hsycms\app\hsycms\controller\Cate.php.
来源⚠️ https://github.com/yztale/hsycms/blob/main/README.md
用户
 tale (UID 40171)
提交2023-03-09 09時04分 (3 年前)
管理2023-03-11 09時05分 (2 days later)
状态已接受
VulDB条目222842 [Hsycms 3.1 Add Category controller\cate.php 标题 跨网站脚本]
积分20

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!