PT-2021-10937 · Unknown · Xujinliang Zibbs
Stellarsss · Published 2021-11-02 · Updated 2021-11-03 · CVE-2020-23719
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
xujinliang zibbs version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the bbsmeta parameter in the application/controllers/AdminController.php file. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.
Recommendations
For xujinliang zibbs version 1.0, consider restricting access to the bbsmeta parameter in the AdminController.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the bbsmeta parameter until a patch is available.
XSS
Affected Products
Xujinliang Zibbs