
CVE-2022-1086: CVEproject/DolphinPHPV1.5.0_xss.md at main · xiahao90/CVEproject

A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.


DolphinPHP <= 1.5.0 Authenticated Stored Cross-Site Scripting (XSS)

Description

The system client does not properly sanitise a POST parameter, which results in stored cross-site scripting (XSS).

Vendor Homepage

https://dolphinphp.com/
https://github.com/caiweiming/DolphinPHP

Author

[email protected] inc  

Proof of Concept

1. After the system installation is completed, log in to the admin back end.

2. In the personal settings, insert the following code into the nickname field:

<script>alert(1);</script>超级管理员


3. Click “user” -> “permission management” -> “user management” to execute the code.
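The steps above work because the stored nickname is written into the user management listing without output encoding. The following added example (not DolphinPHP source and not the advisory author's code) shows that rendering pattern beside a hardened one; the function names, the sample rows and the nickname policy are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not DolphinPHP source code.

// Constructed sample rows standing in for stored user records;
// the second nickname is the value from the proof of concept.
$users = [
    ['id' => 1, 'nickname' => '超级管理员'],
    ['id' => 2, 'nickname' => '<script>alert(1);</script>超级管理员'],
];

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so the browser of whoever opens the listing parses it as markup.
function renderRowUnsafe(array $user): string
{
    return '<tr><td>' . $user['id'] . '</td><td>' . $user['nickname'] . '</td></tr>';
}

// Hardened pattern: encode at output time for the HTML text context.
function renderRowSafe(array $user): string
{
    $nick = htmlspecialchars($user['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . (int) $user['id'] . '</td><td>' . $nick . '</td></tr>';
}

// Defence in depth at write time (assumed policy): allow only letters,
// digits, space, underscore, dot and hyphen, 1 to 32 characters.
// \p{L} with the /u flag keeps non-Latin names such as 超级管理员 valid.
function isValidNickname(string $nickname): bool
{
    return preg_match('/^[\p{L}\p{N} _.\-]{1,32}$/u', $nickname) === 1;
}

foreach ($users as $user) {
    echo 'valid:  ', var_export(isValidNickname($user['nickname']), true), PHP_EOL;
    echo 'unsafe: ', renderRowUnsafe($user), PHP_EOL;
    echo 'safe:   ', renderRowSafe($user), PHP_EOL;
}
```

Output encoding is the primary control because it also neutralises values already stored before any input validation was introduced.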
