CVE-2024-57278 Information

Description

A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input the script executes in the victim’s browser context.

Reference

https://github.com/78778443/QingScan/issues/41 https://github.com/78778443/QingScan/issues/41