CVE-2022-4354 LinZhaoguan pb-cms Message Board comment cross site scripting

A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has be...

PT-2021-23575 · Unknown · Shinher Studyonline System

Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "List View" function not being under authority control, allowing remote attackers to access other users' message board content by manipulating URL...

Maccms V8 XSS可打后台 #3

简要描述： 刚发了个后台getshell，但是屌丝的攻城狮要怎么进入后台呢？XSS呀 本应该两个洞一起发的，xss+后台getshell=getshell，手快发早了，只好再找个其它的接口来充数了 详细说明： 在留言板本处 插入即可 打后台 漏洞证明： 结合后台漏洞攻击： 1. 后台任意文件删除，可删除install.lock导致重装 接口 http://localhost/maccms8/admin/?m=extend-picdel post参数： fname%5B%5D=..%2Fupload%2Fart%2F..%5C%5C..%5C%5C\inc\install.lock 2...