2 matches found
GHSA-3FM2-XFQ7-7778 HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
Summary Stored XSS Leading to Account Takeover Details The Exploit Chain: 1.Upload: The attacker uploads an .html file containing a JavaScript payload. 2.Execution: A logged-in administrator is tricked into visiting the URL of this uploaded file. 3.Token Refresh: The JavaScript payload makes a...
SonarSource SonarQube 安全漏洞
SonarSource SonarQube is an open source code quality management system from SonarSource, Switzerland. A security vulnerability exists in SonarSource SonarQube versions prior to 9.9.5 LTA and 10.x versions prior to 10.5, which stems from the ability of a user with the administrator role to modify...