PT-2022-19313 · Unknown · Tieba-Cloud-Sign

Enferas

Published

2022-05-12

Updated

2022-05-21

CVE-2022-28920

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Tieba-Cloud-Sign version 4.9

Description A cross-site scripting (XSS) issue was found in the strip tags function, which can be exploited.

Recommendations For version 4.9, consider disabling the strip tags function until a patch is available to prevent potential XSS attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2022-28920

Tieba-Cloud-Sign