2 matches found
Cross-site Scripting Vulnerability in Tianti CMS (CNVD-2019-09099)
Ladder tianti is a free lightweight CMS system written in Java. A stored cross-site scripting vulnerability exists in the user list module in tianti 2.3, which can be exploited by an attacker via the tianti-module-admin/user/ajax/saverole name parameter to conduct a cross-site scripting attack...
CVE-2018-19089
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/saverole name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\userlist.jsp...