PT-2023-19766 · Dromara · Dromara J2Eefast
南风过境-梦至西洲
·
Published
2023-05-02
·
Updated
2024-05-17
·
CVE-2023-2475
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Dromara J2eeFAST versions up to 2.6.0
Description
A vulnerability affects the System Message Handler component: manipulating the argument 主题 or ?? leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For Dromara J2eeFAST versions up to 2.6.0, apply the patch 7a9e1a00e3329fdc0ae05f7a8257cce77037134d to fix this issue. As a temporary workaround, consider restricting manipulation of the 主题 or ?? argument in the System Message Handler component until the patch is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Dromara J2Eefast