There is XSS vulnerability that can be able to obtain sensitive user information in the foreground

**Reproduction process**
1.Log in to the back office,Click on the background navigation function.
![image](https://user-images.githubusercontent.com/27681113/162864762-28fa92cb-830d-4c2e-814e-a25e6d79feae.png)
2.Click the Add Navigation button,Insert xss payload in the header,As shown below.
![image](https://user-images.githubusercontent.com/27681113/162865062-fe92dd38-8ee7-404e-9a59-2dc134aaa2d1.png)
3.Then click save and go back to the front page of the cms to trigger the xss vulnerability.
![image](https://user-images.githubusercontent.com/27681113/162865214-c26cdf9d-ca73-451c-a76a-9d6857a31678.png)
**Restoration suggestions**
1.Backend filters input for pointed brackets.
2.Frontend uses html entity coding output.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is XSS vulnerability that can be able to obtain sensitive user information in the foreground #457

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development