Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
JiZhiCMS v2.5.6 and earlier contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering <script> tags but fails to recursively remove dangerous event handlers in other HTML tags (such as onerror in <img> tags). This allows an authenticated remote attacker to inject arbitrary web script or HTML via the body parameter in a POST request to /user/release.html.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JIZHICMS Security Vulnerability
Vulnerability Description
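JIZHICMS (极致CMS) is an open-source content management system (CMS) from the Chinese company JIZHI. JIZHICMS 2.5.6 and earlier versions contain a security vulnerability that stems from insufficient input sanitization in the release function in app/home/c/UserController.php, which may lead to stored cross-site scripting attacks.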
CVSS Information
N/A
Vulnerability Type
N/A