Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Advanced Electron Forum Private Message模块跨站脚本漏洞
Vulnerability Description
Advanced Electron Forum(AEF)是一套使用PHP语言编写的在线论坛系统。Private Message是其中的一个个人信息模块。 AEF 1.0.9版本中的Private Message模块的‘FTP Link’元素存在跨站脚本漏洞,该漏洞源于站内短消息编辑器没有过滤内容。远程攻击者可利用该漏洞注入恶意的脚本代码载荷。
CVSS Information
N/A
Vulnerability Type
N/A