An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://github.com/WeBankPartners/wecube-platform | third party advisory |
https://github.com/WeBankPartners/wecube-platform/issues/2328 | third party advisory exploit |