Primary

Context

DBSyncer Stored Cross-Site Scripting Vulnerability in Edit Profile Feature

Vulnerability

A stored cross-site scripting vulnerability has been identified in DBSyncer version 2.0.6, specifically within the Edit Profile feature. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter.

Impact

Exploitation of this vulnerability allows for the execution of injected JavaScript payloads in the context of the affected user, potentially leading to session hijacking, phishing attacks, or other client-side exploitation.

Reproduction

To reproduce this vulnerability, log into the DBSyncer web application as a valid user. Navigate to the 'Edit Profile' section and locate the 'Nickname' field. Inject a script payload, such as a simple alert script, and save the changes. The injected script will be executed when the page is refreshed or when the nickname is displayed elsewhere on the site.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DBSyncer Stored Cross-Site Scripting Vulnerability in Edit Profile Feature

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating