NNext issues

Results 5 issues of


                                            NNext

XSS attacks occur at the time of friend link application

There are arbitrary file uploads where ordinary users upload avatars

Affected versions：v3.1.1 ## The steps to reproduce Register an ordinary user arbitrarily, and upload the avatar ![image](https://user-images.githubusercontent.com/78067010/222031131-123b5049-da1c-487f-b437-7da3e70d05a7.png) The front-end restricts the file type, and can only upload image-type files You...

There is a logical loophole in the front end for any user to change the password

Affected versions：v3.1.1 ## The steps to reproduce When logging in, choose to forget your password and choose to retrieve your password And enter any existing email address and its bound...

There is XSS at the place where the friend link is added in the background

In the background, XSS is inserted in the place where the friend link management is added, at the site name and website description, resulting in an XSS popup window appearing...

NNext

XSS attacks occur at the time of friend link application

There are arbitrary file uploads where ordinary users upload avatars

There is a logical loophole in the front end for any user to change the password

There is XSS at the place where the friend link is added in the background

docker一键部署，扫描的时候调用工具不存在