Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DBShop V3.3 Release 231225 has a reflected XSS vulnerability #31

Open
Hebing123 opened this issue Mar 28, 2024 · 1 comment
Open

DBShop V3.3 Release 231225 has a reflected XSS vulnerability #31

Hebing123 opened this issue Mar 28, 2024 · 1 comment

Comments

@Hebing123
Copy link
Owner

Hebing123 commented Mar 28, 2024
edited
Loading

Summary

A reflected XSS (Cross-Site Scripting) vulnerability has been discovered in DBShop商城系统 V 3.3 Release 231225. The vulnerability allows for the execution of arbitrary HTML/javascript code, potentially resulting in the theft of sensitive user information.

Details

The vulnerability is located in My Orders in the User Center. $orderStatus is echoed directly on the page without filtering.
image

Proof of Concept (POC)

http(s)://your-ip/home-order?orderStatus=%22%3E%3Csvg%20onload=alert(5888)%3E
image
@Hebing123
Copy link
Owner Author

No CVE number is assigned.

@Hebing123 Hebing123 changed the title DBShop商城系统 V 3.3 Release 231225 has a reflective XSS vulnerability DBShop V3.3 Release 231225 has a reflected XSS vulnerability Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Hebing123