Skip to content

1MurasaKi/PboostCMS_XSS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
1.png
1.png
 
 
2.png
2.png
 
 
3.png
3.png
 
 
4.png
4.png
 
 
README.md
README.md
 
 

Repository files navigation

PboostCMS_XSS

BUG_Author: Murasaki

URL:

  • /admin.php?p=/Area/index#tab=t2
  • /admin.php?p=/Role/index

Parameter "name"(POST) exists cross site script injection vulnerability

Link:https://gitee.com/hnaoyun/PbootCMS

There is a cross site scripting vulnerability in the pbootcms V3.2.5-20230421.

In the data area of the backend, the name parameter can be submitted by constructing a JavaScript statement. When the administrator clicks on the system role, the script statement will be triggered, causing cross site script injection.

The following is the process of reproducing vulnerabilities:

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published