Cross-site scripting exists in Finnesoft

[dabaizhizhu]

Discovered as Fanen Software，and this type of vulnerability can be used to kill all vulnerabilities, and other products can be searched on FOFA:title="泛恩(FineSoft)医药管理软件"，There are thousands of influencing IPs

The company of the vulnerability product is：Hangzhou Meisoft Information Technology Co., Ltd(杭州美软信息技术有限公司)

Vulnerability details：
Access the vulnerability URL:http://zjdyyy.8866.org:8089/yy/login.jsp
Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL：myclient
Insert malicious code at the value of a controllable parameter：'><script>alert("crosssitescript")</script>
The page executes malicious code, which proves that cross-site scripting attacks can be implemented

Remediation scenarios：Strict filtering of user-controllable parameters

Discover people：dabaizhizhu