CVE-2023-44826: GitHub - jacyyang52/chandaoxss
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.
There is a storage xss vulnerability in the zentao OA
## [CVE ID]
CVE-2023-44826
## [PRODUCT]
zentao OA Open source version 18.6
## [VERSION]
Open source version 18.6
## [PROBLEM TYPE]
Cross Site Scripting (XSS)
## [DESCRIPTION]
There is a stored XSS vulnerability in the admin back end of zentao OA, which can be used to steal user cookies or to mount watering hole attacks.
Location of vulnerability: http://127.0.0.1:81/zentao/project-browse-0-all.html
Create a project and insert the XSS script in the username field.
Click Save to store the project in the back end.
View the created project; the pop-up window is triggered.
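The following is an added illustration, not code from the ZenTao project or from this advisory, of why a value saved at project creation time reaches every later viewer as markup, and of the output-encoding fix. The record fields, the row renderer and the `contains_raw_script` regression check are constructed assumptions, not ZenTao's actual code.

```python
import html
from typing import Callable, Dict, Iterable

# Constructed sample records: one benign project and one whose user-name
# field carries a script payload, mirroring the stored-XSS scenario above.
PROJECTS = [
    {"id": 1, "name": "Billing migration", "owner": "alice"},
    {"id": 2, "name": "Payroll rewrite", "owner": "<script>alert(1)</script>"},
]


def render_row_vulnerable(project: Dict[str, object]) -> str:
    """Interpolate stored fields into HTML verbatim: whatever was saved
    when the project was created is re-emitted as markup for every viewer."""
    return (f'<tr><td>{project["id"]}</td><td>{project["name"]}</td>'
            f'<td>{project["owner"]}</td></tr>')


def render_row_safe(project: Dict[str, object]) -> str:
    """Same row, but every untrusted field is HTML-entity-encoded on output.
    quote=True also encodes quotes, so the value is inert in attribute context."""
    cells = (html.escape(str(project[k]), quote=True) for k in ("id", "name", "owner"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def render_browse(projects: Iterable[Dict[str, object]],
                  row_renderer: Callable[[Dict[str, object]], str]) -> str:
    """Build the project listing page from stored records."""
    return "<table>" + "".join(row_renderer(p) for p in projects) + "</table>"


def contains_raw_script(rendered: str) -> bool:
    """Regression check for a test suite: a stored value must never reach
    the page as an executable <script> element (case-insensitive)."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_row_vulnerable), ("safe", render_row_safe)):
        page = render_browse(PROJECTS, renderer)
        print(f"{label}: raw <script> present = {contains_raw_script(page)}")
```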