UCMS has a cross-site scripting (XSS) vulnerability in the title field across the system.
Vulnerability version number:
After logging in to the back end with a test account, we edit the title of a category.
The title is changed to XSS code.
Click "Edit", and a pop-up box appears.
Enter the article's column and edit the title.
Click "Edit", then click "Browse".
An XSS pop-up box appears. Malicious code can be executed through the XSS.
Suggestions for rectification:
Strengthen the input validation mechanism to filter (delete) dangerous characters such as <, >, &, and so on.
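
One way to apply this suggestion, as an added example that is not UCMS code: the title is validated when it is saved and HTML-encoded when it is displayed, so rows stored before the validator existed are still rendered as text. It is written in PHP on the assumption that the application is PHP; the function names `validate_title` and `render_title` and the sample title are hypothetical.

```php
<?php
// Added example, not UCMS source. All names here are hypothetical.

// Validation on save: a title is plain text, so reject the characters the
// report names (<, >, &) plus quotes and control characters.
function validate_title(string $title, int $maxBytes = 200): bool
{
    $title = trim($title);
    if ($title === '' || strlen($title) > $maxBytes) {
        return false;
    }
    return preg_match('/[<>&"\'\x00-\x1F\x7F]/', $title) !== 1;
}

// Encoding on output: convert HTML metacharacters to entities so a stored
// title is shown as text in both element content and quoted attributes.
function render_title(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a title carrying markup, as in the report.
$submitted = 'News<script>alert(1)</script>';

// 1. Save path: refuse the edit instead of writing the title to storage.
if (!validate_title($submitted)) {
    echo "Title rejected: contains characters that are not allowed\n";
}

// 2. Display path: a title that is already stored (for example, saved
//    before validation was added) is encoded at the point of output.
$storedTitle = $submitted;

// Weak pattern the report describes, kept as a comment for comparison:
//   echo '<h1>' . $storedTitle . '</h1>';
// Corrected pattern:
echo '<h1>' . render_title($storedTitle) . "</h1>\n";
echo '<input name="title" value="' . render_title($storedTitle) . "\">\n";
```

The encoding step belongs at every place a title is written into a page, including the back-end edit form and the front-end "Browse" view, since both are where the pop-up appeared.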