Gila CMS version 1.11.4 has an XSS vulnerability in the release of new posts

System environment
The browser used is Firefox
php7.3.4+apache2.4.39+mysql5.7.26

Vulnerability verification step:
1 Log in to the system
2 Select Posts->Post->new at the control panel
3 Edit the post and insert "><svg/onload=alert(document.cookie)> in the tags
4 Set the post to be public, publish the post, and then access the page

Vulnerability screenshot

Repair opinion
Encode the submitted content of the Tags field
yaoyao6688 changed the title from "[Security]Gila CMS 1.11.4 version has xss vulnerability in the release of new posts" to "[Security]Gila CMS v1.11.4 has xss vulnerability in the release of new posts" on Oct 15, 2019
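The repair suggested in the report above (encoding the Tags content on output), shown as an added example that is not Gila CMS code. The function names, the `/tag/` URL layout and the sample tag list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: one ordinary tag and the string from step 3.
$tags = ['security', '"><svg/onload=alert(document.cookie)>'];

// Vulnerable pattern (hypothetical): the tag is concatenated into an
// attribute value and into element content with no encoding, so the
// leading "> closes the attribute and the <svg> is parsed as markup.
function render_tags_unsafe(array $tags): string
{
    $html = '';
    foreach ($tags as $tag) {
        $html .= '<a class="tag" href="/tag/' . $tag . '">' . $tag . '</a> ';
    }
    return $html;
}

// Hardened pattern: encode for each output context.
//  - URL path segment: rawurlencode()
//  - HTML attribute and text: htmlspecialchars() with ENT_QUOTES so both
//    quote styles are escaped, and an explicit charset.
function render_tags_safe(array $tags): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html = '';
    foreach ($tags as $tag) {
        $href = '/tag/' . rawurlencode($tag);
        $html .= '<a class="tag" href="'
            . htmlspecialchars($href, $flags, 'UTF-8') . '">'
            . htmlspecialchars($tag, $flags, 'UTF-8') . '</a> ';
    }
    return $html;
}

echo render_tags_unsafe($tags), PHP_EOL;
echo render_tags_safe($tags), PHP_EOL;

// Check: the encoded output must not contain a raw <svg element.
if (strpos(render_tags_safe($tags), '<svg') !== false) {
    throw new RuntimeException('tag output is not encoded');
}
```

Encoding at output time, per context, keeps the stored tag text unchanged while preventing it from being parsed as markup wherever it is rendered.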