[Suggested description]
A Cross-Site Scripting (XSS) vulnerability exists in pear-admin-think <= 5.0.6.
A logged-in account can access arbitrary functions and cause stored XSS through a fake User-Agent.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/pearadmin/pear-admin-think
[Affected Product Code Base]
<= 5.0.6
[Affected Component]
[Attack Type]
Remote
[Vulnerability details]
Step 1: Prepare two test accounts with different levels.
Senior administrator: admin
Low-level administrator: test
Step 2: Log in to the system as test and enter the user management page.
Click on any function, such as image management, intercept the request packet, modify the User-Agent to an XSS payload, and forward it.
Step 3: Now log in to the system as the senior administrator admin.
Step 4: Click System Management -> Backend Log; the XSS will be executed.
[Impact Code execution]
true
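
The report describes a request header being stored and later rendered in the Backend Log view. The following added example (not pear-admin-think code; the function names and the log entry are hypothetical and constructed) contrasts a log-row renderer that concatenates the stored User-Agent into markup with one that encodes every field at output time.

```javascript
// Added example: hypothetical helpers, not taken from pear-admin-think.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Normalise a request header before it is stored: drop control characters
// and cap the length. This limits log abuse but is NOT the XSS fix;
// the fix is encoding at output time (renderLogRowSafe).
function normalizeHeader(value, maxLen = 255) {
  return String(value ?? "").replace(/[\u0000-\u001f\u007f]/g, "").slice(0, maxLen);
}

// Vulnerable pattern: stored values are concatenated into markup unchanged,
// so anything a client sent as User-Agent is parsed as HTML by the viewer.
function renderLogRowUnsafe(entry) {
  return `<tr><td>${entry.user}</td><td>${entry.userAgent}</td></tr>`;
}

// Hardened pattern: every stored field is encoded when the row is rendered,
// regardless of which account or header it came from.
function renderLogRowSafe(entry) {
  return `<tr><td>${escapeHtml(entry.user)}</td><td>${escapeHtml(entry.userAgent)}</td></tr>`;
}

// Constructed log entry: a request from the low-level account whose
// User-Agent header contains markup.
const sampleEntry = {
  user: "test",
  userAgent: normalizeHeader("Mozilla/5.0 <script>alert(1)</script>"),
};

console.log("unsafe:", renderLogRowUnsafe(sampleEntry));
console.log("safe:  ", renderLogRowSafe(sampleEntry));
```

Encoding belongs at the point where the log is displayed, because values already stored by an affected version remain in the log table after the ingest path is fixed.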