CVE-2024-5405— WinNMP 跨站脚本漏洞

Multiple vulnerabilities in WinNMP from Wtriple

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WinNMP 跨站脚本漏洞

WinNMP是WinNMP的一个用于快速搭建开发服务器的软件包。 WinNMP 19.02版本存在跨站脚本漏洞，该漏洞源于容易受到跨站脚本（XSS）攻击，从而导致攻击者可通过提交特制的JavaScript有效载荷检索会话详细信息。

N/A

N/A