There is a storage XSS vulnerability in the template module #152

Closed
ghost opened this issue May 12, 2021 · 1 comment

ghost commented May 12, 2021

There is a storage XSS vulnerability in the template module.
The figure shows the setting interface of template management, which is used to describe the left part of the home page.
URL: http://localhost:8080/admin/template/setting

After inputting the payload in the figure above, any user entering the home page will trigger the XSS vulnerability.

However, if hackers enter the background by means of a weak password and add XSS code, they can easily cause great harm: hijacking cookies, obtaining sensitive information, phishing and so on.

Similarly, there is a storage XSS vulnerability in commodity tag management, which can be successfully triggered on the commodity page.

JPressProjects (Owner) commented

This is not a problem; the admin backend itself allows editing code.
