漏洞描述
CHANGING IDExpert是中国CHANGING公司的一个基于零信任,集成 FIDO、生物识别、MFA 等各种机制的身份验证系统。 CHANGING IDExpert 2.5至2.8版本存在跨站脚本漏洞,该漏洞源于不正确地验证特定功能的参数,允许远程攻击者注入JavaScript代码,并执行反射型跨站脚本攻击。
CHANGING IDExpert 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- WordPress plugin WP JobHunt 跨站脚本漏洞
- WordPress Featured Image from URL plugin信息泄露漏洞(CVE-2025-9985)
- Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞 (CVE-2025-4204)
- nginxWebUI cmdOver 远程命令执行漏洞
- WordPress plugin Events Addon for Elementor 跨站脚本漏洞
- WordPress plugin Related Posts Lite 跨站请求伪造漏洞
- WordPress plugin TablePress 跨站脚本漏洞
- WordPress plugin Ocean Extra 跨站脚本漏洞