4 matches found
CVE-2021-22849
The Hyweb HyCMS-J1 backend editing function does not filter special characters. Logged-in users can inject JavaScript syntax to perform a stored XSS (stored cross-site scripting) attack...
CVE-2021-22849 Hyweb HyCMS-J1 - Stored XSS
The Hyweb HyCMS-J1 backend editing function does not filter special characters. Logged-in users can inject JavaScript syntax to perform a stored XSS (stored cross-site scripting) attack...
CVE-2021-22849
CVE-2021-22849 affects Hyweb HyCMS-J1; the backend editing function does not filter special characters, enabling stored XSS where logged-in users can inject JavaScript. Root cause: insufficient input sanitization on editing payloads. Documented impact includes stored XSS risk with potential parti...
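A stored XSS in phpmps
Brief description: as in the title. Details: Phpmps is an open-source classified-listings publishing system based on PHP + MySQL. After registering a user, post a listing. post.php `$catid = $_POST['catid'] ? intval($_POST['catid']) : ''; $title = $_POST['title'] ? htmlspecialchars(trim($_POST['title'])) : ''; $areaid = $_POST['areaid'] ? intval($_POST['areaid']) : ''; $postdate = time();` $enddate = $POST'enddate'0 ?...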