Headline
CVE-2023-46503: YXBOOKCMS Reflected XSS · Issue #2 · PwnCYN/YXBOOKCMS
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.
Product Name:
YXBOOKCMS
Affect version:
1.0.2
Case Address:
https://down.chinaz.com/soft/37726.htm (Program download address)
https://www.ys-bs.com/ (The website address has been hacked)
Vulnerability Type:
Reflected XSS
Description:
The reader management and book input module in the background does not filter the input, so there is reflective XSS.
There are no restrictions on readers and book names when adding readers and entering books, resulting in executable JavaScript code and reflective XSS vulnerabilities.