关键信息 Title: xnx3 https://github.com/xnx3/wangmarket <=v6.4 Cross Site Scripting Description: The /siteVar/save.do endpoint is vulnerable to XSS. After logging in with the credentials wangzhan/wangzhan, injecting an XSS payload into the 'Remark' or 'Variable Value' fields during the 'Add Global Variable' operation and saving it results in Stored XSS upon subsequent access. Source: https://github.com/yuccun/CVE/blob/main/wangmarket-Stored_Cross-Site_Scripting.md User: yuccun (UID 93614) Submission: 12/21/2025 10:30 AM (13 days ago) Moderation: 01/01/2026 10:52 AM (11 days later) Status: Accepted VulDB Entry: 339337 (xnx3 wangmarket up to 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting) Points: 17