Key Vulnerability Information

CVE: CVE-2022-0145
Vulnerability Type: CWE-79: Cross-site Scripting (XSS) - Stored
Severity: Medium (6.8)
Description: When a new module is uploaded, the module's description can contain JavaScript code. After uploading the module and viewing the Details page, the JavaScript code is executed.
PoC:
- Downloaded the ForkCMS Banners module from GitHub.
- Modified the file to include a script tag with an alert function.
- Uploaded the modified module and visited the Details page.
Impact: Any JavaScript can be executed, potentially leading to session cookie theft.
Affected Version: Not explicitly stated in the screenshot.
Status: Fixed
Disclosure Bounty: $12.5
Fix Bounty: $3.13
Found by: @kstarkloff
Fixed by: @carakas
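The Description above comes down to a stored module description being written into the Details page as markup. The following added example (not Fork CMS code and not the project's actual fix) shows that rendering path beside an output-encoded one; the XML layout, the sample metadata and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of an uploaded module's metadata. The XML layout is an
// assumption for this example, not Fork CMS's actual module format.
const SAMPLE_METADATA = <<<'XML'
<module>
  <name>Banners</name>
  <description><![CDATA[Rotating banners <script>alert(1)</script>]]></description>
</module>
XML;

/** Extract the description text from module metadata (hypothetical helper). */
function readModuleDescription(string $xml): string
{
    // LIBXML_NONET keeps the parser off the network while reading untrusted XML;
    // LIBXML_NOCDATA returns CDATA sections as plain text nodes.
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET | LIBXML_NOCDATA);
    if ($doc === false) {
        throw new InvalidArgumentException('Module metadata is not well-formed XML');
    }
    return trim((string) $doc->description);
}

/** Vulnerable pattern: the stored description is emitted into HTML as markup. */
function renderDetailsUnsafe(string $description): string
{
    return '<p class="description">' . $description . '</p>';
}

/** Hardened pattern: the description is encoded for the HTML context on output. */
function renderDetailsSafe(string $description): string
{
    $encoded = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="description">' . $encoded . '</p>';
}

$description = readModuleDescription(SAMPLE_METADATA);

// The script element reaches the browser intact and would execute.
echo renderDetailsUnsafe($description), PHP_EOL;

// The angle brackets are entity-encoded, so the tag is displayed as inert text.
echo renderDetailsSafe($description), PHP_EOL;
```

Encoding at output time also covers descriptions that were stored before any upload-time validation was introduced.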