There are multiple stored XSS on the My-Blog page.
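If you are worried that a string-type field has an XSS vulnerability, you can simply use the cleanString() method in MyBlogUtils. Any further issues of this kind will not be handled and will be closed directly.
For example, in the code that implements adding a comment, the comment content is checked and processed as a string: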
MyBlogUtils.cleanString(commentBody);
Also, the admin back end is used only by the blog owner; if you want to attack yourself, there is nothing I can do about that.
There are multiple stored XSS on the My-Blog page.
On the blog article details page, attackers may launch XSS attacks on the article content editing page.
An XSS vulnerability exists in the blog title column on the blog management page.