------------------ Original Message ------------------
From: "熵增"<notifications@github.com>;
Sent: Monday, March 16, 2020, 11:08 AM
To: "Cherry-toto/jizhicms"<jizhicms@noreply.github.com>;
Cc: "Subscribed"<subscribed@noreply.github.com>;
Subject: [Cherry-toto/jizhicms] XSS Stealing cookies (#16)
JIZHICMS 1.5.1 allows XSS to add an administrator cookie.
New normal account => New articles
code:
<script>alert(1)</script>
Go to administrator background
Click on the title to trigger XSS
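
The report describes stored XSS: an article title saved by a normal account executes as script when an administrator opens it in the backend. The PHP below is an added example, not JIZHICMS code and not part of the original report; it contrasts unencoded output with output encoding plus cookie hardening. The function names, the `/admin/article/edit` path and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for articles submitted by ordinary
// member accounts; the second title is the test string quoted in the report.
$articles = [
    ['id' => 1, 'title' => 'Release notes'],
    ['id' => 2, 'title' => '<script>alert(1)</script>'],
];

// Vulnerable pattern: the stored title is concatenated into the admin page
// unchanged, so the browser parses it as markup in the administrator's session.
function renderTitleUnsafe(array $article): string
{
    return '<a href="/admin/article/edit?id=' . $article['id'] . '">'
        . $article['title'] . '</a>';
}

// Hardened pattern: encode at output time for the HTML context and force the
// id to an integer, so stored data can only ever be displayed as text.
function renderTitleSafe(array $article): string
{
    $id    = (int) $article['id'];
    $title = htmlspecialchars((string) $article['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="/admin/article/edit?id=' . $id . '">' . $title . '</a>';
}

// Defence in depth, set before session_start() and before any output:
// HttpOnly keeps the session cookie out of reach of page script, and a
// restrictive CSP refuses inline script even if an encoding call is missed.
// 'secure' => true assumes the admin area is served over HTTPS.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Strict',
]);
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

foreach ($articles as $article) {
    echo 'unsafe: ', renderTitleUnsafe($article), PHP_EOL;
    echo 'safe:   ', renderTitleSafe($article), PHP_EOL;
}
```

In the safe output the second title appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser shows as literal text instead of executing it.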