This repository was archived by the owner on Mar 6, 2022. It is now read-only.
A cross site scripting (XSS) vulnerability storage #3
Open
Description
Wonderful work on the CMS! I found a security issue on the management settings website:
A cross-site scripting (XSS) vulnerability is stored in the site name field on the "ADD" button under the "Categories" menu in WityCMS No.0.62, allowing remote attackers to inject arbitrary web scripts or HTML via fine site names via WITYCMS/ADMIN-authenticated HTTP requests.



You can insert JS code into the input box when you add the "Category" column, and the code will be executed after saving, which will affect the security of your "cms" work. Oh!!

When you query data, you should do a good job of filtering keywords.
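
The following is an added example, not code from this issue or from the wityCMS code base. It shows one common mitigation for the stored XSS described above: validate the category name on input and HTML-encode it wherever it is rendered. All function names and the markup are hypothetical, and the sample payload is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the CMS's real function and template names are not shown on the page.

/** Validate a category name on input: non-empty, at most 255 bytes, no control characters. */
function validate_category_name(string $name): string
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 255) {
        throw new InvalidArgumentException('Category name must be 1-255 bytes.');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('Category name contains control characters.');
    }
    return $name; // stored unchanged; encoding is applied at output time
}

/** Vulnerable rendering: the stored value is concatenated into HTML unchanged. */
function render_category_cell_unsafe(string $storedName): string
{
    return '<td class="category-name">' . $storedName . '</td>';
}

/** Hardened rendering: encode for both element content and a quoted attribute. */
function render_category_cell_safe(string $storedName): string
{
    $encoded = htmlspecialchars($storedName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="category-name" title="' . $encoded . '">' . $encoded . '</td>';
}

// Constructed sample input standing in for a name saved through the "Add" category form.
$stored = validate_category_name('<script>alert(1)</script>');

// The unsafe variant emits a live script element into the admin page.
echo render_category_cell_unsafe($stored), PHP_EOL;

// The safe variant emits the same characters as inert, entity-encoded text.
echo render_category_cell_safe($stored), PHP_EOL;
```

Input validation alone does not stop this payload, since angle brackets are legitimate characters in a name; the encoding at render time is what neutralizes it.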