Teamwork Management System
Reflected cross-site scripting (XSS) in xiweicheng Teamwork Management System up to version 2.28.0 allows high-privilege users to inject malicious scripts via the content parameter in the /admin/blog/comment/create endpoint. The vulnerability requires admin authentication and user interaction (UI:P), limiting real-world risk despite network accessibility. Publicly available exploit code exists, though EPSS scoring (0.06%, 18th percentile) and CVSS 1.9 indicate low actual exploitation probability due to high privilege requirements.