In the main.js file, the machineDetail parameter and the machineDetail parameter under the machineDetail.info method are controllable, and the machineDetail parameter is not strictly filtered, causing XSS injection vulnerabilities!
iami233
changed the title
Subscription-Manager v1.0 /main.js hava a SQL Injection Vulnerability
Subscription-Manager v1.0 /main.js hava a XSS Vulnerability
Apr 14, 2022
Vulnerability file:
/main.jsIn the
main.jsfile, themachineDetailparameter and themachineDetailparameter under themachineDetail.infomethod are controllable, and themachineDetailparameter is not strictly filtered, causing XSS injection vulnerabilities!POC
The text was updated successfully, but these errors were encountered: