This repository was archived by the owner on Mar 6, 2022. It is now read-only.

A stored cross-site scripting (XSS) vulnerability #3

Open
@twoHub

Wonderful work on the CMS! I found a security issue on the management settings website:

A stored cross-site scripting (XSS) vulnerability exists in the site name field on the "ADD" button under the "Categories" menu in WityCMS No.0.62, allowing remote attackers to inject arbitrary web scripts or HTML via fine site names via WITYCMS/ADMIN-authenticated HTTP requests.

You can insert JS code into the input box when you add the "Category" column, and the code will be executed after saving, which will affect the security of your "cms" work Oh!!

When you query data, you should do a good job of filtering keywords.
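
The stored category-name case reported above, as an added example that is not part of the original issue and is not WityCMS code: it renders the same stored values once by plain concatenation and once with encoding for the HTML context at output time, which is the technique shown here instead of keyword filtering. The function names, the 255-byte limit and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not WityCMS functions.

/** Validate a category name on input: bounded length, no control characters. */
function validate_category_name(string $name): string
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 255) { // assumed limit, in bytes
        throw new InvalidArgumentException('Category name must be 1-255 bytes.');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        throw new InvalidArgumentException('Category name contains control characters.');
    }
    return $name; // stored unchanged; encoding happens when the value is output
}

/** Vulnerable rendering: the stored value is concatenated into HTML unencoded. */
function render_category_unsafe(string $name): string
{
    return '<li class="category">' . $name . '</li>';
}

/** Hardened rendering: encode for the HTML context at the point of output. */
function render_category_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<li class="category">' . $encoded . '</li>';
}

// Constructed sample rows, standing in for names read back from the database.
$stored = ['News', 'Tips & Tricks', '<script>alert(1)</script>'];

foreach ($stored as $row) {
    $name = validate_category_name($row);
    echo 'unsafe: ', render_category_unsafe($name), PHP_EOL;
    echo 'safe:   ', render_category_safe($name), PHP_EOL;
}
```

Input validation alone accepts the third row, since angle brackets are legitimate characters in a name; only the encoded rendering turns it into inert text.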
