Stored-XSS found in content field when posting a site news

Steps To Reproduce:
1. Log in to the backstage: http://localhost/hongcms-master/admin/
2. [Sidebar] Choose Others --> Site News, and then post a news
3. Set content field to the following payload: `<script>alert(document.cookie)</script>`
4. On the site front page, we can see the news we just posted

The same with the following:
[Sidebar] Choose Others --> Normal Content --> Edit "About Us"
Set content field to same payload (a lot of aaa... is for discrimination):
`aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<script>alert(document.cookie)</script>`
Go to: http://localhost/hongcms-master/index.php/about
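The fix for the behaviour reported above is output encoding at the point where the stored content field is written into the page. The following is an added example, not HongCMS code and not part of the original report: it shows the unescaped rendering beside an escaped one, plus two defence-in-depth settings. The function names and the `content` wrapper markup are hypothetical, and the example assumes the field is meant to hold plain text (a field that must carry HTML needs an allowlist sanitizer instead).

```php
<?php
// Added illustration; not HongCMS code. All function names are hypothetical.

// Vulnerable pattern: stored content is concatenated into the page as-is,
// so markup saved in the admin panel executes for every visitor.
function render_content_unsafe(string $content): string
{
    return '<div class="content">' . $content . '</div>';
}

// Hardened pattern: encode on output so stored markup is displayed as text.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_content_escaped(string $content): string
{
    $safe = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="content">' . nl2br($safe, false) . '</div>';
}

// Defence in depth, for the case where an unescaped sink is missed:
// keep the session cookie out of document.cookie and forbid inline scripts.
// Must be called before session_start() and before any output is sent.
function send_hardening_headers(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Constructed sample: the payload from the report as it would sit in storage.
$stored = str_repeat('a', 40) . '<script>alert(document.cookie)</script>';

// The script tag reaches the browser intact.
echo render_content_unsafe($stored), PHP_EOL;

// The tag is emitted as &lt;script&gt;... and rendered as visible text.
echo render_content_escaped($stored), PHP_EOL;
```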