Register an account on the demo domain http://yapi.demo.qunar.com/
Then create a new project:
Insert the payload `xss"><img src=1 onerror=alert(/xss/)>` in the project name and set the project as public.
Then put the project in a public group, such as test2, so everyone can view the project.
When someone, including the managers & administrators, views the operation dynamics of the project, the malicious JS code will execute.
Which browser
~ chrome
Which operating system (Linux, Windows, macOS)
~ Linux
Version
~ 1.3.22
Problem
~ Stored XSS in Project Name
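The class of bug reported above, shown as an added example that is not part of the original report and is not YApi's code: a hypothetical activity-log renderer that concatenates the stored project name into markup, next to a version that encodes it on output. The function names, entry fields and markup are assumptions made for illustration.

```javascript
// Added example: hypothetical renderer for one "operation dynamics" (activity log) entry.
// Names, fields and markup are assumptions for illustration, not YApi's implementation.

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored project name goes into the markup unencoded,
// so a name containing "> closes the attribute and tag and adds its own element.
function renderLogEntryUnsafe(entry) {
  return `<span class="log">${entry.user} updated project ` +
    `<a title="${entry.projectName}" href="/project/${entry.projectId}">` +
    `${entry.projectName}</a></span>`;
}

// Hardened pattern: every stored value is encoded for the context it lands in
// (HTML text / quoted attribute, and URL path segment for the id).
function renderLogEntrySafe(entry) {
  const user = escapeHtml(entry.user);
  const name = escapeHtml(entry.projectName);
  const id = encodeURIComponent(entry.projectId);
  return `<span class="log">${user} updated project ` +
    `<a title="${name}" href="/project/${id}">${name}</a></span>`;
}

// True when the rendered entry contains an element other than the
// <span> and <a> that the template itself emits.
function hasInjectedElement(html) {
  const tags = html.match(/<\s*([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !/^<\s*(span|a)$/i.test(t));
}

// Constructed sample entry using the project name from the report.
const SAMPLE_ENTRY = {
  user: 'reporter',
  projectId: '42',
  projectName: 'xss"><img src=1 onerror=alert(/xss/)>',
};

console.log('unsafe:', hasInjectedElement(renderLogEntryUnsafe(SAMPLE_ENTRY)));
console.log('safe:  ', hasInjectedElement(renderLogEntrySafe(SAMPLE_ENTRY)));
```

Encoding at output time protects every view that displays the name, including log entries written before any input filter existed.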