New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There are multiple stored XSS on the My-Blog page. #131

Closed

PoppingSnack opened this issue Mar 13, 2023 · 1 comment

PoppingSnack commented Mar 13, 2023

There are multiple stored XSS on the My-Blog page.

path: http://localhost:28083/blog/5
On the blog article details page, attackers may launch XSS attacks on the article content editing page.

path: http://localhost:28083/admin/blogs
An XSS vulnerability exists in the blog title column on the blog management page.

Owner

ZHENFENG13 commented Mar 16, 2023

如果担心某个字符串类型的字端存在xss漏洞，可以直接使用MyBlogUtils中的cleanString()方法，后续再有类似的issue就不再处理，直接关闭了。

比如添加评论的代码实现里，对评论内容进行字符串判断和处理：

MyBlogUtils.cleanString(commentBody);

另外，后台管理系统就是博主自己使用，你要是想自己攻击自己，那没辙。

ZHENFENG13 closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment