There are two stored XSS in JavaQuarkBBS

【Vulnerability Description】
There is a Cross Site Scripting attack (XSS) vulnerability in the full version of JavaQuarkBBS. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

【Vulnerability Type】
Cross Site Scripting (XSS) 

【Affected Version】
<=v2

【Vulnerability Verification】
Find the Background Label Management module, select the new location and enter
`<script>alert(“标签管理名称”)<script>`
![1](https://user-images.githubusercontent.com/89822929/147525408-b64baffd-be6e-4478-a634-86d94e43b2c3.jpg)

`<script>alert(“标签详情”)<script>`
![2](https://user-images.githubusercontent.com/89822929/147525485-f1ae4da8-8756-4125-b86f-8b42874b8a10.jpg)

【Repair Suggestions】
Strict filtering of user input data


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There are two stored XSS in JavaQuarkBBS #23

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There are two stored XSS in JavaQuarkBBS #23

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions