edit-icon download-icon

[Vulnerability notice] Storage-type XSS vulnerability in PHPWind

Last Updated: Nov 17, 2017

Description

The require/bbscode.php file in PHPWind imposes less strict filtering policies on user input parameters.

As a result, hackers can send malicious requests to build storage XSS vulnerabilities in the post text, stealing user data and further breaking into the website.

Affected versions

PHPWind 8.7 and later

Fix

Thank you! We've received your feedback.