This repository has been archived by the owner on Oct 16, 2022. It is now read-only.
thinkphp-bjyblog is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].
Hello,
I would like to report an XSS vulnerability.
In file AdminBaseController.class.php
line 20
In file https://github.com/baijunyao/thinkphp-bjyblog/blob/master/ThinkPHP/Mode/Api/functions.php
line 869 function U
function U
function redirect
The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST']. Then there is an XSS vulnerability.
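
The pattern described in the report, next to a hardened form, as an added example that is not part of the original issue and not code from thinkphp-bjyblog. The function names, the allowlisted hosts and the sample request are hypothetical; the message format is a simplified stand-in for a message that embeds `$_SERVER['HTTP_HOST']`.

```php
<?php
// Added illustration; not code from thinkphp-bjyblog. All names are hypothetical.

// Hosts this deployment is expected to serve (assumed values).
const ALLOWED_HOSTS = ['blog.example.com', 'www.example.com'];

/**
 * Return the request host only if it is on the allowlist; otherwise fall
 * back to the first configured host. The Host header is client-controlled.
 */
function trusted_host(array $server): string
{
    $host = strtolower(trim((string)($server['HTTP_HOST'] ?? '')));
    // Accept an optional :port; reject anything that is not a plain hostname.
    if (preg_match('/\A([a-z0-9.-]+)(?::\d{1,5})?\z/', $host, $m)
        && in_array($m[1], ALLOWED_HOSTS, true)) {
        return $host;
    }
    return ALLOWED_HOSTS[0];
}

/** Pattern from the report: the header value reaches the HTML response as-is. */
function message_unsafe(array $server, string $path): string
{
    $url = 'http://' . $server['HTTP_HOST'] . $path;
    return "Redirecting to {$url}";
}

/** Hardened form: allowlisted host, and the value HTML-encoded on output. */
function message_safe(array $server, string $path): string
{
    $url = 'http://' . trusted_host($server) . $path;
    return 'Redirecting to '
        . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request whose Host header carries markup.
$request = ['HTTP_HOST' => 'blog.example.com"><b>injected</b>'];

// A real handler would pass the string to exit(); echo is used here so that
// both variants can be compared in one run.
echo message_unsafe($request, '/Admin/Login'), PHP_EOL; // markup passes through
echo message_safe($request, '/Admin/Login'), PHP_EOL;   // falls back to blog.example.com
```

Pinning the expected host names in the web server's virtual-host configuration closes the same gap one layer earlier, so requests with an unexpected Host header never reach the application.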