CVE-2024-31828

Bug author:

F1sher

Affected version:

LavaLite CMS v.10.1.0

Vendor:

https://github.com/LavaLite/cms

Software:

https://github.com/LavaLite/cms/releases/tag/v10.1.0

Describe the bug

Anyone, without authentication, can exploit an XSS vulnerability through the URL: markup placed in the request path is reflected into the page unencoded.

To Reproduce

Enter the following website address:

https://lavalite.org/docs/master/"><svg onload=alert(1)>

Expected behavior

Filter keywords such as onload and svg
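Illustrating the reflection sink described above and why context-aware output encoding is the robust fix where the keyword filter suggested here is not, as an added example in Python (not LavaLite's own PHP code). The `<link rel="canonical">` sink and the percent-decoded path are assumptions, since the report does not state where the URL is reflected.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the path from the report as the server sees it
# after percent-decoding (browsers encode the quote and angle brackets).
REPORTED_PATH = '/docs/master/"><svg onload=alert(1)>'


def render_unsafe(path: str) -> str:
    """Assumed vulnerable sink: the request path is interpolated raw into an
    attribute value, so a double quote in the path closes the attribute."""
    return f'<link rel="canonical" href="https://lavalite.org{path}">'


def render_keyword_filtered(path: str) -> str:
    """The fix the report asks for: strip known-bad keywords. Included only
    to show that a case-sensitive blocklist is not a sufficient control."""
    for word in ("onload", "svg"):
        path = path.replace(word, "")
    return render_unsafe(path)


def render_encoded(path: str) -> str:
    """Robust fix: HTML attribute encoding. quote=True also encodes the
    double quote, so the attribute value can no longer be closed early."""
    safe = html.escape(path, quote=True)
    return f'<link rel="canonical" href="https://lavalite.org{safe}">'


class _TagCollector(HTMLParser):
    """Collects start tags so a test can see what a browser would build."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(rendered: str) -> list[tuple[str, dict]]:
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags


def injects_markup(rendered: str) -> bool:
    """True when anything beyond the single <link> we wrote is parsed out."""
    return [tag for tag, _ in start_tags(rendered)] != ["link"]


if __name__ == "__main__":
    print("raw sink           :", injects_markup(render_unsafe(REPORTED_PATH)))
    print("blocklist, as filed:", injects_markup(render_keyword_filtered(REPORTED_PATH)))
    print("blocklist, uppercase:", injects_markup(render_keyword_filtered(REPORTED_PATH.upper())))
    print("attribute-encoded  :", injects_markup(render_encoded(REPORTED_PATH)))
```

The raw sink yields an extra `svg` start tag carrying `onload`; the blocklist stops only the exact payload and misses a trivial case change, while the encoded form parses back to a single `link` tag whose `href` still contains the original path intact.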

Impact

Common impacts include transmitting private data, such as cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.

Screenshots

OS: Windows
Browser: Google