S-CMS PHP v3.0 website description stored XSS

There is a stored XSS vulnerability in the admin backend of the S-CMS enterprise website building system (PHP version). An attacker who logs in to the administrator backend can insert malicious JavaScript code, which poses a serious threat to network security.

exploit

1 Log in to the management system, go to System Settings (系统设置) -> Basic Settings (基本设置) -> SEO Settings (SEO设置), enter <iframe onload=alert(1)>, then click Save.

2 Visit the membership login page, which triggers the stored XSS vulnerability.

3 The vulnerable system is the latest version, S-CMS Enterprise Station Building System (PHP version) v3.0.
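
The pattern behind this report and its fix, as an added example that is not S-CMS source code and not part of the original report. All function names are hypothetical, and it assumes the saved SEO value is echoed into HTML body context on the membership login page.

```php
<?php
// Added example with hypothetical names; this is not S-CMS source code.
// Assumption: the saved SEO value is written into HTML body context.

// Vulnerable pattern: the stored setting is concatenated into the page
// unencoded, so the browser parses whatever the admin form accepted as markup.
function renderSiteDescriptionUnsafe(string $description): string
{
    return '<div class="site-desc">' . $description . '</div>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function renderSiteDescriptionSafe(string $description): string
{
    $encoded = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="site-desc">' . $encoded . '</div>';
}

// Defence in depth when the settings form is saved: SEO text needs no
// markup, so store plain text only. Output encoding above stays the
// primary control, because older rows may already hold markup.
function normalizeSeoSetting(string $input): string
{
    return trim(strip_tags($input));
}

// Constructed sample input: the test string from step 1 of the report.
$submitted = '<iframe onload=alert(1)>';

// Print the unencoded and the encoded rendering for comparison.
echo renderSiteDescriptionUnsafe($submitted), PHP_EOL;
echo renderSiteDescriptionSafe($submitted), PHP_EOL;

// Show what would be stored after save-time normalization.
var_dump(normalizeSeoSetting($submitted));
```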