SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft
References
| Link | Resource |
|---|---|
| https://github.com/etn0tw/cmscve_test/blob/main/README.md | Exploit Third Party Advisory |
| https://github.com/etn0tw/cmscve_test/blob/main/README.md | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/etn0tw/cmscve_test/blob/main/README.md - Exploit, Third Party Advisory |
12 Oct 2023, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft |
02 Oct 2023, 13:18
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Jrecms springbootcms
Jrecms |
|
| References | (MISC) https://github.com/etn0tw/cmscve_test/blob/main/README.md - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| CPE | cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:* | |
| CWE | CWE-79 |
27 Sep 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-27 23:15
Updated : 2024-11-21 08:23
NVD link : CVE-2023-43191
Mitre link : CVE-2023-43191
CVE.ORG link : CVE-2023-43191
JSON object : View
Products Affected
jrecms
- springbootcms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')