ForestBlog
A simple and beautiful SSM (Spring+SpringMVC+Mybatis) blog system
Bumps commons-fileupload from 1.3.3 to 1.5. [Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [spring-webmvc](https://github.com/spring-projects/spring-framework) from 4.3.19.RELEASE to 5.2.20.RELEASE. Release notes Sourced from spring-webmvc's releases. v5.2.20.RELEASE :star: New Features Restrict access to property paths on Class references #28262 Improve diagnostics in SpEL for...
Bumps [spring-beans](https://github.com/spring-projects/spring-framework) from 4.3.19.RELEASE to 5.2.20.RELEASE. Release notes Sourced from spring-beans's releases. v5.2.20.RELEASE :star: New Features Restrict access to property paths on Class references #28262 Improve diagnostics in SpEL for...
Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 4.3.19.RELEASE to 6.0.0. Release notes Sourced from spring-web's releases. v6.0.0 See What's New in Spring Framework 6.x and Upgrading to Spring Framework 6.x for upgrade instructions and...
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.5.0 to 2.12.7.1. Commits See full diff in compare view [Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
### What happened? There is 1 security vulnerability found in org.mybatis:mybatis 3.4.0 - [CVE-2020-26945](https://www.oscs1024.com/hd/CVE-2020-26945) ### What did I do? Upgrade org.mybatis:mybatis from 3.4.0 to 3.5.6 for vulnerability fix ### What...
### What happened? There is 1 security vulnerability found in org.json:json 20170516 - [MPS-2022-13520](https://www.oscs1024.com/hd/MPS-2022-13520) ### What did I do? Upgrade org.json:json from 20170516 to 20180130 for vulnerability fix ### What...
### What happened? There is 1 security vulnerability found in commons-io:commons-io 2.4 - [CVE-2021-29425](https://www.oscs1024.com/hd/CVE-2021-29425) ### What did I do? Upgrade commons-io:commons-io from 2.4 to 2.7 for vulnerability fix ### What...
### What happened? There is 1 security vulnerability found in com.github.pagehelper:pagehelper 4.2.1 - [CVE-2022-28111](https://www.oscs1024.com/hd/CVE-2022-28111) ### What did I do? Upgrade com.github.pagehelper:pagehelper from 4.2.1 to 5.3.1 for vulnerability fix ### What...
First, go to the registration page and set the nickname to arbitrary JavaScript code. Here I use alert(document.cookie) as an example to obtain the cookie. In real exploitation, the contents of document.cookie are sent via an HTTP request to the attacker's remote server and saved there. Because the cookie contains the username and password, when the XSS attack succeeds the attacker also obtains the user's/administrator's account and password.