CVE-2021-38710

Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...

Github yclas 跨站脚本漏洞

Github yclas is a powerful script that can convert any domain into a fully customizable classified ads site in seconds. A cross-site scripting vulnerability exists in Yclas version 4.3.0, which stems from the fact that the software's install/view/form.php does not validate and escape the SITENAME...