CVE-2022-39301
CVE-2022-39301 concerns sra-admin, a front/back-end separated rights management system. The issue affects version 1.1.1, where a storage cross-site scripting (XSS) vulnerability lies in the Profile Picture Upload under Personal Center. An attacker who logs in could upload an HTML page containing ...