A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.
References
Link | Resource |
---|---|
https://gitee.com/pear-admin/Pear-Admin-Boot/issues/I6SXHX | Exploit Third Party Advisory |
https://gitee.com/pear-admin/Pear-Admin-Boot/issues/I6SXHX | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-04-25 13:15
Updated : 2025-02-03 18:15
NVD link : CVE-2023-30417
Mitre link : CVE-2023-30417
CVE.ORG link : CVE-2023-30417
JSON object : View
Products Affected
pearadmin
- pear_admin_boot
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')