PT-2023-19767 · Dromara · Dromara J2Eefast
南风过境-梦至西洲
·
Publicado
2023-05-02
·
Atualizado
2024-05-17
·
CVE-2023-2476
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Dromara J2eeFAST versions up to 2.6.0
Description
A problematic issue was found in the Announcement Handler component. The manipulation of the argument
系统工具/公告管理 or ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Dromara J2eeFAST versions up to 2.6.0, apply a patch to fix this issue. The patch name is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. As a temporary workaround, consider restricting access to the Announcement Handler component until the patch is applied.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dromara J2Eefast