What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Duoshuo social comment plugin contains a cross-site scripting (XSS) vulnerability in versions 1.2 and earlier. An attacker can inject malicious scripts that execute in visitors' browsers when they view affected pages. The vulnerability requires user interaction—typically clicking a malicious link—and can affect multiple users across the site. This allows attackers to steal session cookies, redirect users, or deface content.
What an attacker can do
Inject malicious scripts that run in visitors' browsers to steal cookies, redirect users, or deface content.
Potential impact on your site
Visitors' browsers can be compromised; attackers may steal login credentials, inject malware, or deface your site's appearance.
Conditions required to exploit
Visitor must click a malicious link or visit a page containing the injected payload; no authentication required.