edit-icon download-icon

[Vulnerability notice] Storage-type XSS vulnerability in PHPWind

Last Updated: Nov 17, 2017


The require/bbscode.php file in PHPWind imposes less strict filtering policies on user input parameters.

As a result, hackers can send malicious requests to build storage XSS vulnerabilities in the post text, stealing user data and further breaking into the website.

Affected versions

PHPWind 8.7 and later


Thank you! We've received your feedback.