Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Vulnerability Description
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours field is included in the server response without any HTML encoding or sanitization. Because of this, an attacker can craft a malicious payload such as <script>alert(1)</script> and include it in the planned_hours parameter. The server reflects the input directly in the HTML of the project creation page, causing the browser to interpret and execute it. This vulnerability is fixed in 1.8.3.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Phproject 跨站脚本漏洞
Vulnerability Description
Phproject是Alan个人开发者的一套项目管理系统。该系统支持问题管理、任务管理和仪表板等功能。 Phproject 1.8.0至1.8.3之前版本存在跨站脚本漏洞,该漏洞源于创建新项目时Planned Hours字段存在存储型跨站脚本,可能导致恶意脚本执行。
CVSS Information
N/A
Vulnerability Type
N/A