XSS vulnerability in reply to product reviews #14

Closed
m0r3try opened this issue Jul 12, 2020 · 1 comment

m0r3try commented Jul 12, 2020

TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page.

Backend open source address: https://github.com/jianyan74/TinyShop
Front-end open source address: https://github.com/stavyan/TinyShop-UniApp
rageframe2: https://github.com/jianyan74/rageframe2

view images: POC
poc1
poc2

@jianyan74
Owner

Thank you, it has been handled.
