Exploit for CVE-2024-4439

CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...

b3log Symphony Cross-Site Scripting Vulnerability

b3log Symphony aka Sym is an open source set of modern community platforms written in the Java language, including forums, BBS, SNS and blogs. A cross-site scripting vulnerability exists in b3log Symphony version 2.2.0. A remote attacker can exploit this vulnerability by sending a specially craft...

Discuz 4.0 头像设置处可以持久型脚本

简要描述： Discuz 4.0 头像设置处可以post xss脚本， 可能是个老漏洞了，在内网的论坛上发现的，不知道是否没升级…… 详细说明： Discuz 4.0 头像设置处，先选一个系统自带头像，提交，抓包。 将头像地址【customavatars/190.jpg】替换为xss脚本【javascript:alert/x/】,post提交后，所有头像引用代码辩位;可以成功执行。 不过引号、，等会被替换或编码，必须构造无引号的语句 漏洞证明：...