Explain:
A cross-site scripting (XSS) vulnerability in ShurabhCMS may allow a remote attacker (user) to inject arbitrary Web scripts through the source editor, which will cause the attacker (user) to obtain the cookies of other users and log in to the accounts of other users.
First use the account password to log in to the blog.
When I comment on one of the blogs, I insert malicious code into it.
The website does not filter characters, and malicious code is directly transmitted to the website management interface.
When the administrator clicks the Approve option, the malicious code will be executed.
Now if an ordinary user sees this comment, his cookie will be stolen.
Impact:
This can be used by any user leaving a message on a Web site to perform an operation and may result in hijacking any user's cookie.
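The mitigation this report points to, as an added example that is not ShurabhCMS code and not part of the original report: the comment body is HTML-encoded wherever it is displayed (the admin approval queue and the public post), and the session cookie is marked HttpOnly so page script cannot read it. The function names, the cookie name `session`, the sample comment and the use of Python are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample comment; the harmless marker stands in for injected script.
SAMPLE_COMMENT = '<script>document.title="xss-marker"</script>Nice post & thanks'

def render_comment_unsafe(body):
    """Flaw described in the report: stored text is echoed into the page as-is."""
    return '<div class="comment">' + body + "</div>"

def render_comment_safe(body):
    """Encode on output so the browser treats stored text as data, not markup."""
    return '<div class="comment">' + html.escape(body, quote=True) + "</div>"

def render_views(comments, render):
    """Render both pages that show a comment: admin queue and public post."""
    admin = "".join(render(c["body"]) for c in comments if not c["approved"])
    public = "".join(render(c["body"]) for c in comments if c["approved"])
    return admin, public

def session_cookie_header(session_id):
    """Build a session cookie that page script cannot read (hypothetical name)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # hidden from document.cookie
    cookie["session"]["secure"] = True     # sent over HTTPS only
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def contains_script_tag(page):
    """Demo-only check: did a literal <script tag survive rendering?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    # One pending and one approved copy of the constructed comment.
    comments = [
        {"body": SAMPLE_COMMENT, "approved": False},
        {"body": SAMPLE_COMMENT, "approved": True},
    ]
    for name, render in (("unsafe", render_comment_unsafe),
                         ("safe", render_comment_safe)):
        admin, public = render_views(comments, render)
        print(name, "admin:", contains_script_tag(admin),
              "public:", contains_script_tag(public))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

Encoding at output time covers both views from one code path. HttpOnly limits what a missed injection can reach but does not replace the encoding.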