11 matches found
Badaso 跨站脚本漏洞
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A cross-site scripting vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the Name of membe...
CVE-2023-38974
A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-38973
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-38973
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-38974
A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-38974
CVE-2023-38974 affects Badaso v2.9.7 with a stored XSS in the Edit Category Title parameter. Root cause: input not sanitized in the Title field. Impact: arbitrary script execution in user browsers as described by sources; exploitation details not provided. Remediation: no patch/version in CVE doc...
CVE-2023-38973
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2023-38973
The CVE-2023-38973 entry describes a stored XSS in the Add Tag function of Badaso v2.9.7, triggered by crafted payload in the Title parameter. This is the confirmed vulnerability surface: web-accessible Add Tag title handling allows script/HTML execution. No exploit details are provided in the co...
CVE-2023-38973
A stored cross-site scripting XSS vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...