JavaQuarkBBS icon indicating copy to clipboard operation
JavaQuarkBBS copied to clipboard

Published 20 hours ago verified publisher icon ChinaLHR

There are two stored XSS in JavaQuarkBBS

Open hhh7ox opened this issue 3 years ago • 0 comments

【Vulnerability Description】 There is a Cross Site Scripting attack (XSS) vulnerability in the full version of JavaQuarkBBS. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

【Vulnerability Type】 Cross Site Scripting (XSS)

【Affected Version】 <=v2

【Vulnerability Verification】 Find the Background Label Management module, select the new location and enter <script>alert(“标签管理名称”)<script> 1

<script>alert(“标签详情”)<script> 2

【Repair Suggestions】 Strict filtering of user input data

hhh7ox avatar Dec 28 '21 03:12 hhh7ox