kkFileView

XSS Vulnerability

Open S2eTo opened this issue 2 years ago • 7 comments

In AttributeSetFilter, multiple parameters are not XSS filtered: cn.keking.web.filter.AttributeSetFilter#setWatermarkAttribute

Parameters are used in commonHeader: src/main/resources/web/commonHeader.ftl

The modified template is referenced by multiple template files, among them picture.ftl

This template is used in /picturesPreview: cn.keking.web.controller.OnlinePreviewController#picturesPreview

Vulnerability recurrence

/picturesPreview
?urls=aHR0cDovLzE=
&watermarkXSpace=1});}}alert(1);function a(){function b(){return ({//


S2eTo, Dec 23 '22 03:12
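
An added example, not kkFileView's code or its fix: validating watermark request values before they are placed in the template model, given that the reported value closes an object literal and function bodies and so evidently lands inside script code. The class name, the default value "10" and the free-text case are assumptions; only watermarkXSpace and the request value come from the report.

```java
import java.util.regex.Pattern;

public class WatermarkParamSanitizer {
    // Numeric watermark settings such as watermarkXSpace only ever need a small
    // non-negative integer, so accept a short run of ASCII digits and nothing else.
    private static final Pattern DIGITS = Pattern.compile("^[0-9]{1,4}$");

    /** Returns the request value if it is a plain integer, otherwise the configured default. */
    static String numericOrDefault(String requestValue, String configuredDefault) {
        if (requestValue != null && DIGITS.matcher(requestValue).matches()) {
            return requestValue;
        }
        return configuredDefault;
    }

    /**
     * Encodes free text for a quoted JavaScript string literal inside an HTML page.
     * Everything except letters, digits and spaces becomes a four-digit hex escape,
     * so quotes, backslashes, angle brackets and line breaks cannot end the literal
     * or the surrounding script element.
     */
    static String escapeForJsString(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (Character.isLetterOrDigit(c) || c == ' ') {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Value of watermarkXSpace taken from the request in the report.
        String reported = "1});}}alert(1);function a(){function b(){return ({//";
        String configuredDefault = "10"; // assumed default, not from the project

        // The reported value is not a plain integer, so the default is used instead.
        System.out.println(numericOrDefault(reported, configuredDefault));
        // A well-formed value passes through unchanged.
        System.out.println(numericOrDefault("25", configuredDefault));
        // Hypothetical free-text watermark value (constructed sample).
        System.out.println(escapeForJsString("draft\"</script>"));
    }
}
```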