Stored XSS in RSS Display and Input Fields

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Type: - Type: Stored XSS - Affected Versions: 9.0.1, 9.0.2, 9.1.0, 9.1.1, 9.1.2, 8.5.10-12, 8.5.13, 8.6.3.5, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 9.0.1, 9.0.2, 9.1.0, 9.1.1, 9.1.2, 8.5.10-12, 9.1.3, 9.2.0, 9.2.1, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.2.9, 9.3.0, 9.3.1, 9.3.2, 9.3.3 2. Affected Components: - Components: RSS Display, Generate Board Name Input Field, getAttributeSetName() 3. Vulnerability Description: - Description: Stored XSS vulnerabilities exist in the RSS Display, Generate Board Name Input Field, and getAttributeSetName() components. These vulnerabilities allow attackers to inject malicious JavaScript code into affected versions. 4. Remediation Measures: - Remediation: These vulnerabilities have been fixed in affected versions. The fixes include stricter input validation to prevent injection of malicious code. 5. Vulnerability Rating: - Rating: The CVSS scores for these vulnerabilities range from 3.1 to 4.0, indicating their severity level. 6. Report Source: - Report Source: These vulnerabilities were reported by different security researchers, including m3dium, fhAnso, and Yusuke Uchida. 7. Affected Version Range: - Affected Version Range: Multiple versions from 9.0.1 to 9.3.3, as well as from 8.5.10-12 to 9.1.3. This information helps users identify which versions and components are affected by stored XSS vulnerabilities and how to remediate them by updating to the latest version.

Goal Reached Thanks to every supporter — we hit 100%!

Stored XSS in RSS Display and Input Fields