CVE-2023-2476: Stored XSS vulnerability in the announcement feature · Issue #I6W380 · dromara/J2eeFAST - Gitee.com

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. Manipulation of the arguments 公告标题/提示标题 (announcement title / notice title) leads to stored cross-site scripting. The attack can be launched remotely by any authenticated user allowed to create announcements. The exploit has been disclosed to the public and may be used. The fix is commit 7a9e1a00e3329fdc0ae05f7a8257cce77037134d; upgrading to a patched build is recommended. The identifier of this vulnerability is VDB-227868.


## Root cause

When a new announcement is created under `系统工具/公告管理` (System Tools / Announcement Management), both the announcement title and the notice title fields are vulnerable to stored XSS.

![Screenshot](https://foruda.gitee.com/images/1681641194887477586/91adc7f0_8323292.png "Screenshot")

The XSS in the announcement title only fires when the announcement is clicked or previewed.

The XSS in the notice title, however, fires as soon as the notice pops up: it triggers directly on the login panel and on the home page right after login, without any further interaction, when the announcement level is set to Urgent or Critical.

![Screenshot](https://foruda.gitee.com/images/1681641325864521171/478688b5_8323292.png "Screenshot")

## Reproduction

Create a malicious announcement with the low-privilege account syh:

![Screenshot](https://foruda.gitee.com/images/1681641614051050694/230c4b72_8323292.png "Screenshot")

Log in with an administrator account; the XSS fires:

![Screenshot](https://foruda.gitee.com/images/1681641684745121864/2ee09ec4_8323292.png "Screenshot")

Tested by: School of Cyber Science and Technology, Shandong University
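The root-cause and reproduction sections above describe a stored XSS that a low-privilege user plants in the notice title and an administrator then executes simply by logging in. The following is an added example, not code from J2eeFAST or from the reporter: it shows the rendering pattern that turns a stored title into executable markup, beside the escaped version that neutralises it. The `layui-layer-title` class, the field names, the level values and the sample payload are assumptions made for illustration.

```javascript
// Added example (not J2eeFAST code): a stored notice title concatenated
// straight into HTML versus the same title escaped before insertion.

// Constructed sample of what a low-privilege user could store as the
// notice title. Payload and field names are illustrative assumptions.
const STORED_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable pattern: trusts the stored title and builds markup by
// concatenation, so the browser parses the payload as a real element.
function renderNoticeVulnerable(notice) {
  return `<div class="layui-layer-title">${notice.title}</div>` +
         `<div class="notice-body">${notice.content}</div>`;
}

// Minimal HTML-entity escaper covering the characters that break out of
// text and attribute contexts.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hardened pattern: every untrusted field is escaped before it is placed
// in markup; the payload is displayed as literal text instead of parsed.
function renderNoticeSafe(notice) {
  return `<div class="layui-layer-title">${escapeHtml(notice.title)}</div>` +
         `<div class="notice-body">${escapeHtml(notice.content)}</div>`;
}

// Models the behaviour the report describes: only announcements at the
// Urgent or Critical level pop up automatically on login, so those are
// the ones that reach an administrator with no click required.
const AUTO_POP_LEVELS = new Set(['urgent', 'critical']);
function noticesShownOnLogin(notices, render = renderNoticeSafe) {
  return notices
    .filter((n) => AUTO_POP_LEVELS.has(String(n.level).toLowerCase()))
    .map(render);
}

// Rough detector used only in this example: is there a real tag carrying
// an inline event-handler attribute in the rendered fragment?
function containsEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed sample data: one normal notice and the attacker's notice.
const SAMPLE_NOTICES = [
  { title: 'Maintenance window', content: 'Tonight 22:00', level: 'normal' },
  { title: STORED_PAYLOAD, content: 'Please read', level: 'urgent' },
];

// Stand-alone demonstration.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', noticesShownOnLogin(SAMPLE_NOTICES, renderNoticeVulnerable)[0]);
  console.log('hardened:  ', noticesShownOnLogin(SAMPLE_NOTICES)[0]);
}
```

Escaping at the point of output is the fix that matters here; rejecting angle brackets on the way in is a useful defence in depth but does not cover titles already stored in the database. Server-side validation of who may create announcements and at which level would also shrink the path from a low-privilege account to an administrator session.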
