Stored XSS in zzcms2020 user information
- version: zzcms2020
- source: http://www.zzcms.net/about/6.htm
- issue: Stored XSS
Position
In zzcms2020/user/manage.php line 100
The content parameter here is user-controllable. The program does no processing on it before writing it to the database, and the stored data is then output on the My exhibition hall (我的展厅) page.
POC && Vulnerability exploitation
POC
aaaaaaaaxss"/><img onerror="alert(1)" src="#" />aaaaaaaaaaa
Vulnerability exploitation
Open the zzcms2020/user/manage.php page and insert the PoC.
Then open the My exhibition hall (我的展厅) page again.
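The fix for this class of bug is to encode the stored value for its HTML context at output time. The following is an added example, not code from zzcms: the markup and the function names render_unsafe, render_safe, h and count_tags are hypothetical, since the actual template is not shown in this report. It runs the PoC above through an unencoded and an encoded rendering of an attribute value.

```php
<?php
// Added example, not zzcms code. Markup and function names are hypothetical;
// the real zzcms2020 template is not shown in this report.

// Stored value as it would come back from the database (the PoC from this report).
$stored = 'aaaaaaaaxss"/><img onerror="alert(1)" src="#" />aaaaaaaaaaa';

// Vulnerable pattern: stored text is concatenated into an attribute value as-is,
// so the "/> in the payload closes the attribute and the tag, and the <img>
// that follows becomes live markup.
function render_unsafe(string $content): string
{
    return '<input name="content" value="' . $content . '" />';
}

// Output encoding for HTML text and attribute contexts.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: the same markup, with the stored value encoded on output.
function render_safe(string $content): string
{
    return '<input name="content" value="' . h($content) . '" />';
}

// Counts element start tags in a fragment. The template emits one <input>,
// so any count above 1 means stored data was parsed as markup.
function count_tags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

$unsafe = render_unsafe($stored);
$safe   = render_safe($stored);

echo 'unsafe start tags: ', count_tags($unsafe), "\n";
echo 'safe start tags:   ', count_tags($safe), "\n";
echo $safe, "\n";
```

With encoding applied, the payload stays inside the value attribute as inert text. Encoding belongs at every place the stored content is printed, because the data already in the database remains unmodified.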




