A XSS bug that can execute code (a user maliciously modifying the UA of a comment can trigger XSS code execution) #400
FFreestanding changed the title from "An XSS vulnerability" to "A XSS bug that can execute code (a user maliciously modifying the UA of a comment can trigger XSS code execution)" on Jun 21, 2022
The steps to reproduce.

The latest version of valine is 1.4.18
First select a page to test: https://valine.js.org/hexo.html
Capture the packet, then modify the POST of the packet and send it
The payload below will make the comments look normal and allows code execution; Google Chrome and Firefox will all be attacked.
It works
The alarm information is related to other failed test codes. Please ignore it

A minimal demo

https://valine.js.org/ maybe all websites which are using the project will be influenced

Which versions of Valine, and which browser / OS are affected by this issue?

Valine 1.4.18
Fixed. Thank you for supporting Valine~ ❤️

Received, thanks for the feedback. This will be fixed in the next version.
… On June 21, 2022, at 20:45, young-xz ***@***.***> wrote:
The steps to reproduce.
The latest version of valine is 1.4.18
First select a page to test : https://valine.js.org/hexo.html
Capture the packet, then modify the POST of the packet and send it
It works
The alarm information is related to other failed test codes. Please ignore it
A minimal demo
https://valine.js.org/
https://valine.js.org/hexo.html
maybe other websites which are using the project
Which versions of Valine, and which browser / OS are affected by this issue?
Valine 1.4.18
win10
Google Chrome
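The issue above reports that the client-supplied UA of a comment reached the page as markup. As an added example (not Valine's code and not its actual fix; the `ua` field name, the function names and the `ua-badge` class are assumptions), here is that rendering pattern next to a hardened one that reduces the UA to an allow-listed label and still escapes on output:

```javascript
// Added example; all names are hypothetical, not taken from Valine.
// Constructed sample record: `ua` is whatever the client put in the request.
const sampleComment = {
  nick: "guest",
  ua: 'Mozilla/5.0 (X11; Linux x86_64) Chrome/102.0.0.0 <b id="injected">x</b>',
};

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored UA string is concatenated into markup as-is.
function renderUaUnsafe(comment) {
  return '<span class="ua-badge">' + comment.ua + "</span>";
}

// Allow-list parse: only a known browser name plus a numeric version survives.
const BROWSERS = [
  ["Edge", /\bEdg\/(\d+(?:\.\d+){0,3})/],
  ["Firefox", /\bFirefox\/(\d+(?:\.\d+){0,3})/],
  ["Chrome", /\bChrome\/(\d+(?:\.\d+){0,3})/],
  ["Safari", /\bVersion\/(\d+(?:\.\d+){0,3}) .*Safari\//],
];

function summarizeUa(ua) {
  // Non-strings and oversized values never reach the parser.
  if (typeof ua !== "string" || ua.length > 512) return "Unknown";
  for (const [name, pattern] of BROWSERS) {
    const match = pattern.exec(ua);
    if (match) return name + " " + match[1];
  }
  return "Unknown";
}

// Hardened pattern: derive the label from the allow-list, then escape anyway.
function renderUaSafe(comment) {
  return '<span class="ua-badge">' + escapeHtml(summarizeUa(comment.ua)) + "</span>";
}

console.log(renderUaUnsafe(sampleComment)); // injected element survives
console.log(renderUaSafe(sampleComment));   // only the derived label is emitted
```

The same reduction belongs on the storage side as well, so that a raw UA string is never persisted for a later renderer to trust.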