192 matches found
IBM Tivoli Netcool/OMNIbus Web GUI Storage Based Cross-Site Scripting Vulnerability (CNVD-2022-05122)
IBM Tivoli Netcool/OMNIbus is a service-level management SLM system that provides real-time, centralized monitoring of complex networks and IT domains. web GUI is a web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats in...
Storage-based Cross-site Scripting Vulnerability in NetCloud Original Novel PC System
Ltd. is the pioneer of professional net article all-platform technology service. A storage-based cross-site scripting vulnerability exists in the NetCloud Original Novel PC system. Attackers can utilize the vulnerability to obtain sensitive information such as user cookies...
Multiple Storage-based Cross-site Scripting Vulnerabilities in DM Building System Frontend
DM building system is developed by php + mysql a set of specialized for small and medium-sized enterprise website construction of open source cms. DM building system front-end exists in a number of storage-based cross-site scripting vulnerabilities. Attackers can exploit the vulnerability to obta...
XSS Vulnerability in the Property Details Page of Hainan Creative Media's PC Website Building System
Hainan Creative Future Culture Media Co., Ltd. is engaged in brand one-stop service e-commerce advertising consulting services media enterprises. We design complete solutions for users and provide the best advertising support services. A storage-based cross-site scripting vulnerability exists in...
74cms 存储型xss
No description provided by source...
Discuz 前台回帖 存储型 DOM XSS
产生原因: JS原生取ELEMENT中HTML内容的方法,会将服务端转义过的单双引号实体编码进行反转。 代码分析: 这里有payload: align="onmouseover="alert1, 那么就从payload开始往回看漏洞是怎么产生的 align="onmouseover="alert1 回帖之后payload显示如上述所示, 跟进 管理员/版主 编辑帖子时的操作 var editorid = 'e'; var textobj = $editorid + 'textarea'; 这里得到textobj = 'etextarea' /static/js/common.js...
cmseasy存储型XSS(CmsEasy_5.5_20140605升级补丁绕过)
简要描述: removexss函数依旧可绕过 详细说明: 这是我用你最新补丁中bbspublic.php里的removexss做的一个小的测试页面: http://x55.me/cmseasy.php?xss=test 下面是相关代码:(x-xss-protection:0 只是为了方便测试) ?php header"X-XSS-Protection: 0"; $val=$GET"xss"; $val = pregreplace'/\x00-\x08,\x0b-\x0c,\x0e-\x19/', '', $val; $search =...
Cmseasy最新版存在存储型XSS及代码分析(2)
简要描述: cmseasy某处存在存储型xss 影响版本:CmsEasy5.x(包括最新版CmsEasy5.5UTF-820140420) 详细说明: 影响版本:CmsEasy5.x(包括最新版CmsEasy5.5UTF-820140420) 存在漏洞的文件:bbspublic.php 用户量级:250,000 BBS下所有POST提交,都会经过bbspublic.php文件里的removexss函数过滤,此函数在bbspublic.php文件的35行,存在问题的代码如下: function removexss$val $val =...
phpdisk某处存储型XSS
简要描述: 指哪打哪,可打后台 详细说明: linux下可以使用作为文件名 上传一个名字为 的文件共享给好友就可以指谁X谁 假如要X后台上传文件名为 " 偷懒代码就不审计了 漏洞证明:...
shopnc最新版存储型xss漏洞
简要描述: shopnc存储型xss漏洞 详细说明: shopnc版本测试http://www.shopnctest.com/c2c/2013/demo/ shopnc用户个人主页处存在存储型XSS,可以获取用户敏感cookie信息。 在买家首页,分享心情处 测试代码为:"alertdocument.cookie// cookie收信平台 "alertdocument.cookie/ 如图 漏洞证明: 如上描述...
UChome存储型xss再来一发
简要描述: UChome 存储xss 再来一发 详细说明: 漏洞证明:...
Phpwind v9.0 存储型xss跨站漏洞
No description provided by source...