There is an XSS vulnerability here #136

Closed
wfnetworks opened this issue Apr 18, 2018 · 1 comment

@wfnetworks

After logging in as an individual user, go to https://www.html-js.cn/users/userAddContent

Insert an XSS payload in 摘要 and 详情, then publish:
[image: tougao-xss]

The POC request is:
[image: tougao-xss-2]

At https://www.html-js.cn/users/userContents, a web page window pops up:
[image: tougao-xss-222]

Log in to the administrator demo account and go to the “This is test, please detele” edit. Click 'XSS' to pop up a web page:
[image: tougao-xss-3]

@doramart
Owner

Thank you very much, I have added xss on the server to solve the bug.
[image]
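The report above describes stored fields being rendered on the user content list and in the administrator edit view. The following added example (not the project's own code and not the fix the owner applied) shows output encoding for those two views; the field names `summary` and `details`, the view functions and the sample record are assumptions made for illustration.

```javascript
// Added example, not the project's code. `summary` and `details` are assumed
// names for the 摘要 and 详情 fields; the views are simplified stand-ins.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a text node or a quoted attribute.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Before: stored fields are interpolated raw, so markup saved by one user
// is parsed as HTML when another user or an administrator opens the page.
function renderListItemUnsafe(post) {
  return `<li><a href="/details/${post.id}">${post.title}</a><p>${post.summary}</p></li>`;
}

// After: the same view with every stored value encoded at output time.
function renderListItem(post) {
  return `<li><a href="/details/${encodeURIComponent(post.id)}">${escapeHtml(post.title)}</a>` +
         `<p>${escapeHtml(post.summary)}</p></li>`;
}

// Admin edit form: values land in an attribute and in a textarea, so quotes
// and "</textarea>" must not be able to break out of their context.
function renderEditForm(post) {
  return `<input name="summary" value="${escapeHtml(post.summary)}">` +
         `<textarea name="details">${escapeHtml(post.details)}</textarea>`;
}

// Constructed sample record, as it would sit in the database after submission.
const samplePost = {
  id: 'p1',
  title: 'This is test',
  summary: '"><img src=x onerror=alert(1)>',
  details: '</textarea><script>alert(1)</script>',
};

// True when the rendered HTML contains a tag that only stored data could open.
function hasInjectedTag(html) {
  return /<(img|script)\b/i.test(html);
}
```

If 详情 has to keep user-supplied formatting, escaping removes that formatting too, so that field needs an allowlist HTML sanitizer on the server instead of plain encoding.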
