Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Resource and Permissions module of the admin console. A privileged user can inject scripts during the creation of a permission. Details Cross-site scripting or XSS is a code vulnerability that occurs when...

XSS via upload pdf file

Description Hi there, It's my pleasure to submit a report to you again to maintain the safety of the project.Most users can upload files in the module named 'Resources' .We can upload pdf files.But uploading malicious pdf files will cause xss vulnerability which will cause great harm to users of...

JEECMS Resource Module Exploits Arbitrary File Upload Vulnerability

JEECMS is the domestic Java version of the open source web content management system java cms, jsp cms for short. JEECMS product background a function exists in an arbitrary file upload vulnerability. Allow attackers to take advantage of the vulnerability to upload arbitrary files...

CVE-2 0 1 1-2 4 6 1 principles of analysis and case studies-vulnerability and early warning-the black bar safety net

0x00 vulnerability background From the CVE numbers it can be seen that this vulnerability has been for some years 1。 Because this vulnerability occurs in the Flex SDK, rather than the Flash Player. So for developers, as long as they used to have the defects of the Flex SDK to compile FLASH, then ...