This repository has been archived by the owner on Mar 6, 2022. It is now read-only.

A cross site scripting (XSS) vulnerability storage #3

Open
twoHub opened this issue Aug 22, 2018 · 1 comment

twoHub commented Aug 22, 2018

Wonderful work on the CMS! I found a security issue on the management settings website:

A cross-site scripting (XSS) vulnerability is stored in the site name field on the "ADD" button under the "Categories" menu in WistyCMS No.0.62, allowing remote attackers to inject arbitrary Web scripts or HTML via fine site names via WITYCMS/ADMIN-authenticated HTTP requests.

You can insert JS code into the input box when you add the "Category" column, and the code will be executed after saving, which will affect the security of your "cms" work. Oh!!

When you query data, you should do a good job of filtering keywords.
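
The fix pattern for the stored XSS reported above, as an added example that is not part of this issue thread or the project's code: the category name is validated against an allowlist on save and HTML-encoded on every render, so rows stored before the fix are also neutralised. The Python stand-in, the function names, the allowlist policy and the sample input are all assumptions made for illustration.

```python
import html
import re

# Hypothetical in-memory stand-in for the CMS categories table.
CATEGORIES = []

# Assumed policy: word characters, spaces and a few punctuation marks, 1-64 chars.
NAME_RE = re.compile(r"[\w .,&'-]{1,64}")

def save_category(name, validate=True):
    """Store a category name; with validate=True reject names outside the allowlist."""
    name = name.strip()
    if validate and not NAME_RE.fullmatch(name):
        raise ValueError("category name contains disallowed characters")
    CATEGORIES.append(name)
    return name

def render_vulnerable(names):
    """Before: the stored value is concatenated into HTML as-is (stored XSS)."""
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"

def render_hardened(names):
    """After: every stored value is HTML-encoded at output time."""
    items = "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in names)
    return "<ul>" + items + "</ul>"

# Constructed sample input resembling the report: markup typed into the name box.
SAMPLE = "<script>alert(1)</script>"

def demo():
    CATEGORIES.clear()
    save_category("News & Events")
    save_category(SAMPLE, validate=False)  # legacy row saved before validation existed
    try:
        save_category(SAMPLE)              # new writes are rejected by the allowlist
        rejected = False
    except ValueError:
        rejected = True
    return rejected, render_vulnerable(CATEGORIES), render_hardened(CATEGORIES)

if __name__ == "__main__":
    rejected, before, after = demo()
    print("rejected on save:", rejected)
    print("before:", before)
    print("after: ", after)
```

Encoding at output is the control that closes the hole; the save-time allowlist only reduces what reaches the database and does nothing for rows already stored.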

VictorAlagwu (Owner) commented

Thanks for submitting this issue. I would work on it when I am less busy, but if you already have a fix, you can send in your pull request.
Thanks.
