Key Information Summary

Vulnerability Description
Vulnerability Type: JavaScript Code Injection
Affected Version: H3blog 1.0
Vulnerable Endpoint:
Attack Vector: Forged header

Attack Process
1. Forged Request:
   - The attacker can craft a login request containing malicious JavaScript code.
   - By forging the header, the attacker can manipulate the IP address recorded in logs.
2. Log Recording:
   - The backend logs user operations, including username and IP address.
   - The logging mechanism uses the decorator, which includes the method.
3. Code Execution:
   - When an administrator views the operation logs, the malicious code is executed.
   - This may lead to theft of sensitive information (e.g., cookies).

Example Code

Attack Example

Result
The malicious code executes successfully, displaying .
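The chain described above (a header value trusted as the client IP, stored in the operation log, and rendered unescaped on the administrator's log page) is small enough to model end to end. The Python below is an added example written from the defender's side; it is not H3blog's code and does not use the project's decorator, endpoint or templates. The header name, the function names and the sample request are assumptions, and the payload is a constructed marker string rather than the advisory's own example. It places the vulnerable pattern beside two independent fixes: validating the header value as an IP address before it is logged, and HTML-escaping every stored field when the log is rendered (which also neutralises entries written before validation was in place).

```python
import html
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LogEntry:
    """One operation-log record: who acted and from which address."""
    username: str
    ip: str


def resolve_client_ip(proxy_header_value: Optional[str], remote_addr: str) -> str:
    """Return an address that is safe to store in the log.

    proxy_header_value is the raw value of the client-supplied header the
    application reads the IP from (hypothetical; the advisory does not name
    the header). Only the first comma-separated entry is considered, and it
    is accepted only if it parses as an IPv4/IPv6 address. Anything else,
    markup included, is discarded in favour of the socket address.
    """
    if proxy_header_value:
        candidate = proxy_header_value.split(",")[0].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # not an IP address: ignore the header entirely
    return remote_addr


def record_login_unsafe(log: List[LogEntry], username: str,
                        proxy_header_value: Optional[str], remote_addr: str) -> LogEntry:
    """Vulnerable pattern: trusts the header verbatim, so markup reaches the log."""
    entry = LogEntry(username=username, ip=proxy_header_value or remote_addr)
    log.append(entry)
    return entry


def record_login_safe(log: List[LogEntry], username: str,
                      proxy_header_value: Optional[str], remote_addr: str) -> LogEntry:
    """Hardened pattern: validate the address before it is stored."""
    entry = LogEntry(username=username,
                     ip=resolve_client_ip(proxy_header_value, remote_addr))
    log.append(entry)
    return entry


def render_log_unsafe(log: List[LogEntry]) -> str:
    """Vulnerable renderer: concatenates stored fields straight into HTML."""
    rows = "".join(f"<tr><td>{e.username}</td><td>{e.ip}</td></tr>" for e in log)
    return f"<table>{rows}</table>"


def render_log_safe(log: List[LogEntry]) -> str:
    """Hardened renderer: HTML-escapes every stored field at output time.

    Escaping on output also covers the username column, which is attacker
    supplied as well, and entries stored before input validation existed.
    """
    rows = "".join(
        f"<tr><td>{html.escape(e.username)}</td><td>{html.escape(e.ip)}</td></tr>"
        for e in log
    )
    return f"<table>{rows}</table>"


# Constructed sample request: a harmless marker payload in place of an IP address.
SAMPLE_USERNAME = "alice"
SAMPLE_HEADER = "<script>alert(1)</script>"
SAMPLE_REMOTE_ADDR = "203.0.113.5"


def demo() -> dict:
    """Run both pipelines on the constructed sample and report what the admin page would contain."""
    unsafe_log: List[LogEntry] = []
    safe_log: List[LogEntry] = []
    record_login_unsafe(unsafe_log, SAMPLE_USERNAME, SAMPLE_HEADER, SAMPLE_REMOTE_ADDR)
    record_login_safe(safe_log, SAMPLE_USERNAME, SAMPLE_HEADER, SAMPLE_REMOTE_ADDR)
    return {
        "unsafe_stored_ip": unsafe_log[0].ip,
        "safe_stored_ip": safe_log[0].ip,
        "unsafe_page_has_script": "<script>" in render_log_unsafe(unsafe_log),
        # escaping at render time neutralises even the raw entry in the unsafe log
        "safe_page_has_script": "<script>" in render_log_safe(unsafe_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the module prints the stored IP and the rendered-page check for both pipelines. The two fixes are deliberately independent: validation keeps junk out of the log (and gives a clean signal for alerting on requests whose header does not parse as an address), while output escaping is the control that makes the log page safe regardless of what earlier code let through.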