Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
网站后台添加视频处,包括名称、备注等参数位置均可插入xss代码
(There is a Storage XSS vulnerability in adding videos,XSS code can be inserted at parameter positions including name and remarks……)
插入的xss代码也会在前台被执行,它将影响访问该网站的所有用户
(The inserted XSS code will executed in the foreground,It will affect all users who visit the site)
虽然这个存储型xss位于后台,但该漏洞一旦被利用会导致前台众多用户都会收到攻击
另外,后台添加文章处也有相同问题
The text was updated successfully, but these errors were encountered:
这是 是 这个吊毛 故意留的的漏洞 方便资源站挂马
Sorry, something went wrong.
感谢反馈,将统一修复。
3650581
No branches or pull requests
网站后台添加视频处,包括名称、备注等参数位置均可插入xss代码
(There is a Storage XSS vulnerability in adding videos,XSS code can be inserted at parameter positions including name and remarks……)
插入的xss代码也会在前台被执行,它将影响访问该网站的所有用户
(The inserted XSS code will executed in the foreground,It will affect all users who visit the site)
虽然这个存储型xss位于后台,但该漏洞一旦被利用会导致前台众多用户都会收到攻击
另外,后台添加文章处也有相同问题
The text was updated successfully, but these errors were encountered: