PT-2023-19767 · Dromara · Dromara J2Eefast
南风过境-梦至西洲
·
Published
2023-05-02
·
Updated
2024-05-17
·
CVE-2023-2476
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Dromara J2eeFAST versions up to 2.6.0
Description
A problematic issue was found in the Announcement Handler component. The manipulation of the argument
系统工具/公告管理 or ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Dromara J2eeFAST versions up to 2.6.0, apply a patch to fix this issue. The patch name is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. As a temporary workaround, consider restricting access to the Announcement Handler component until the patch is applied.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dromara J2Eefast