Lq0ne

1 exploit Active since Mar 2024
CVE-2024-28715 NOMISEC HIGH WRITEUP
DOraCMS < 2.18 - Cross-Site Scripting via markdown0 Function
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
CVSS 8.8