Based on the provided image, I need to extract and summarize the key information about the vulnerability in a concise Chinese Markdown format. 1. Vulnerability Overview (漏洞概述): Title: Stored XSS in Comment Module via URI Scheme Validation Bypass (通过 URI 方案验证绕过在评论模块中的存储型 XSS)。 Description: The comment module has a stored XSS vulnerability. It occurs because the validation for URI schemes (like , ) is bypassed. An attacker can inject malicious scripts into comments. Impact: Stored XSS (Persistent XSS). 2. Affected Scope (影响范围): Product: emlog. Version: click me" -> This looks like the payload. But the title says "URI Scheme Validation Bypass". The code in Step 4 checks . So the exploit likely involves putting the malicious link in the "URL" field of the comment, but the check is flawed (maybe case sensitivity? or encoding?). Actually, the text in Step 3 says: "评论内容:click me". This is confusing. Usually, you put the link in the URL field. Let's look at the "Root Cause Analysis" again. It shows the code checking . The text says "The validation for URI schemes... is bypassed". The remediation suggests encoding the output. Let's just extract the visible code blocks as requested. Structure: 漏洞名称: Stored XSS in Comment Module via URI Scheme Validation Bypass 漏洞概述: emlog 评论模块存在存储型 XSS 漏洞。由于对 URI 方案(如 javascript:)的验证存在绕过,攻击者可以在评论中注入恶意脚本。 影响范围: emlog 漏洞总结:emlog 评论模块存储型 XSS (URI Scheme Validation Bypass) 1. 漏洞概述 漏洞名称: Stored XSS in Comment Module via URI Scheme Validation Bypass 描述: emlog 评论模块存在存储型 XSS 漏洞。由于对 URI 方案(如 )的验证存在绕过,攻击者可以在评论中注入恶意脚本。当其他用户查看评论时,脚本会在其浏览器中执行。 影响范围: emlog <= 2.2.6 2. 漏洞代码 (Root Cause Analysis) 漏洞源于对评论 URL 字段的简单字符串检查,未能有效过滤所有恶意 URI 方案。 3. 修复方案 (Remediation) 方案一: 升级到最新版本(如果官方已发布修复补丁)。 方案二: 修改代码,在输出评论 URL 时使用 进行转义,防止脚本执行。 方案三: 实施 URI 方案白名单,仅允许 和 等安全协议。 修复代码示例:**