CVE-2023-33599: EasyImages2.0 Cross-site scripting(xss) vulnerability · Issue #115 · icret/EasyImages2.0
EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.
EasyImages2.0 Cross-site scripting(xss) vulnerability
Impact version
EasyImages2.0 ≤ 2.8.1
Analysis Report
Vulnerability file
/app/viewlog.php
When displaying logs, the file directly outputs the log content to the front-end page without taking any preventive measures.
Vulnerability exploitation
1. Use the JS script for the user parameter on the login page.
2. The malicious code is triggered when the admin user views the login log.
Fixes
Filter special characters when displaying logs
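
The fix described above, shown as an added example that is not EasyImages2.0 code: a log renderer that echoes stored fields unchanged, next to one that HTML-encodes every field at output time. The log format (one JSON object per line), the field names and the function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical log format and function names, not EasyImages2.0 code.
// Constructed sample login log, one JSON object per line (assumed format).
$sampleLog = <<<'LOG'
{"time":"2023-05-01 10:00:00","ip":"203.0.113.7","user":"admin"}
{"time":"2023-05-01 10:02:13","ip":"203.0.113.9","user":"<script>alert(1)</script>"}
LOG;

// Encode a value for an HTML text node or a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: attacker-influenced log fields reach the page unchanged.
function renderLogUnsafe(string $log): string
{
    $rows = '';
    foreach (explode("\n", trim($log)) as $line) {
        $e = json_decode($line, true);
        if (!is_array($e)) { continue; }
        $rows .= "<tr><td>{$e['time']}</td><td>{$e['ip']}</td><td>{$e['user']}</td></tr>\n";
    }
    return "<table>\n$rows</table>";
}

// Hardened: every field is encoded when it is written to the page.
function renderLogSafe(string $log): string
{
    $rows = '';
    foreach (explode("\n", trim($log)) as $line) {
        $e = json_decode($line, true);
        if (!is_array($e)) {
            // Unparseable lines are shown encoded, never echoed raw.
            $rows .= '<tr><td colspan="3">' . h($line) . "</td></tr>\n";
            continue;
        }
        $rows .= '<tr><td>' . h($e['time'] ?? '') . '</td><td>' . h($e['ip'] ?? '')
               . '</td><td>' . h($e['user'] ?? '') . "</td></tr>\n";
    }
    return "<table>\n$rows</table>";
}

$unsafe = renderLogUnsafe($sampleLog);
$safe   = renderLogSafe($sampleLog);
// Compare how the stored tag appears in each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false);
var_dump(strpos($safe, '&lt;script&gt;') !== false);
```

Encoding at output time covers entries that were already written to the log before the fix, which input filtering on the login form alone would not.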