pojoin h3blog HTTP Header login ppt_log cross site scripting

A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

h3blog 代码注入漏洞

h3blog是H.C.Q个人开发者的一个注重创作的轻博客系统。 h3blog存在代码注入漏洞，该漏洞源于对文件/login中组件HTTP Header Handler的参数X-Forwarded-For的错误操作，可能导致跨站脚本攻击。

N/A

N/A