CVE-2020-26115

cPanel before 90.0.10 allows self XSS via the Cron Editor interface SEC-574...

客客专业威客系统程序xss漏洞

简要描述： 参数完全没控制. 之前有个selfxss不给我审核过.. 详细说明： /control/user/shopsetting.php $shopname, 'shopslogans' =$shopslogans, 'seotitle' =$seotitle, 'seokeyword' =$seokeyword, 'seodesc' =$seodesc, ; $intRes = $objShopT-save$arrData,array'shopid'=$shopInfo'shopid'; unset$objShopT;...