[Vulnerability description]
Ujcms v8.0.2 allows a user to upload a PDF file that contains a hidden Cross Site Scripting (XSS) payload.
[Vulnerability Type]
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
[Vendor of Product]
https://gitee.com/ujcms/ujcms
https://github.com/ujcms/ujcms
https://www.ujcms.com/
[Affected Product Code Base]
v8.0.2
[Vulnerability proof]
Condition: the project is deployed on Tomcat.
- We could upload this PoC.

- Click view in Edge.

[Repair suggestion]
- We should filter the PDF file uploaded by the user to ensure that it does not contain malicious scripts and other content.
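
One way to implement the filter suggested above, as an added example that is not part of the original report or of the Ujcms code base. The class and method names are hypothetical, the sample bytes are constructed, and Java 9 or later is assumed. It rejects an upload when the PDF contains name objects that introduce script or auto-run actions, including names obfuscated with `#xx` hex escapes.

```java
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PdfActiveContentCheck {
    // "#xx" hex escapes are legal inside PDF names, so "/J#61vaScript" means "/JavaScript".
    private static final Pattern HEX_ESCAPE = Pattern.compile("#([0-9A-Fa-f]{2})");
    // Names that introduce script or auto-run actions. The lookahead requires the name to
    // end at whitespace, a delimiter or end of input, so "/JS" does not match "/JSON".
    private static final Pattern RISKY_NAME = Pattern.compile(
            "/(JavaScript|JS|OpenAction|AA|Launch)(?![^\\s()<>\\[\\]{}/%])");

    static String decodeNameEscapes(byte[] pdf) {
        // ISO-8859-1 maps each byte to one char, so binary stream data survives unchanged.
        String raw = new String(pdf, StandardCharsets.ISO_8859_1);
        return HEX_ESCAPE.matcher(raw).replaceAll(r -> Matcher.quoteReplacement(
                String.valueOf((char) Integer.parseInt(r.group(1), 16))));
    }

    static Set<String> findRiskyNames(byte[] pdf) {
        Set<String> found = new TreeSet<>();
        Matcher m = RISKY_NAME.matcher(decodeNameEscapes(pdf));
        while (m.find()) {
            found.add(m.group());
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample: a catalog with an open action and an escaped /JavaScript name.
        byte[] sample = ("%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                + "2 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n")
                .getBytes(StandardCharsets.ISO_8859_1);
        Set<String> hits = findRiskyNames(sample);
        System.out.println(hits.isEmpty() ? "accept upload" : "reject upload: " + hits);
    }
}
```

A byte-level scan like this cannot see names stored inside compressed object streams or encrypted documents, and it can occasionally match bytes inside binary stream data, so treat it as a conservative pre-filter in front of a full PDF parser.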