jizhicms v1.7.1 msg reflected xss vulnerability #28
Comments
mtfly changed the title from "XSS vulnerability" to "jizhicms v1.7.1 msg reflected xss vulnerability" on Jun 15, 2020
First, please read the license agreement presented during installation!
Second, this XSS will not have any impact.
Hi, did you fix CVE-2020-23644 & CVE-2020-23643? Thanks!
Thanks for your message. CVE-2020-23644 is fixed and CVE-2020-23643 is not fixed. We didn't pay attention to these CVEs because they didn't remind us. Thank you again for your reminder, we will fix it in the next version.
------------------ Original message ------------------
From: "OrenSavichWS"<notifications@github.com>;
Sent: Tuesday, January 12, 2021, 5:56 PM
To: "Cherry-toto/jizhicms"<jizhicms@noreply.github.com>;
Cc: "如沐春"<2581047041@qq.com>; "State change"<state_change@noreply.github.com>;
Subject: Re: [Cherry-toto/jizhicms] jizhicms v1.7.1 msg reflected xss vulnerability (#28)
Hi, did you fix CVE-2020-23644 & CVE-2020-23643?
If so, in what commit?
Thanks!
An XSS vulnerability was discovered in jizhicms 1.7.1.
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the msg parameter of /index.php/Error/index?msg=1
Vulnerability file:
Home/c/ErrorController.php
PoC:
http://example.com/index.php/Error/index?msg=%3Cscript%3Ealert(1)%3C/script%3E
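As an added illustration (not part of the original issue and not jizhicms source code), the following PHP example puts the reflection pattern the report describes next to an output-encoded version. The function names and markup are hypothetical, and the input is the decoded `msg` value from the PoC above.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for an error page that reflects ?msg= into HTML.
// These are not taken from Home/c/ErrorController.php.

// Reflection pattern: the raw parameter value is concatenated into markup,
// so any tags it contains are parsed by the browser.
function render_error_unsafe(string $msg): string
{
    return '<div class="error">' . $msg . '</div>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_error_safe(string $msg): string
{
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="error">' . $encoded . '</div>';
}

// Regression check: does a literal <script tag survive into the response body?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed input: the decoded msg value from the PoC URL in the report.
$msg = rawurldecode('%3Cscript%3Ealert(1)%3C/script%3E');

foreach (['unsafe' => 'render_error_unsafe', 'safe' => 'render_error_safe'] as $label => $render) {
    $html = $render($msg);
    printf("%-6s script tag present: %s\n       %s\n", $label, contains_script_tag($html) ? 'yes' : 'no', $html);
}
```

A check like `contains_script_tag` can be kept as a regression test against the error route so the encoding is not removed by a later template change.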