Description -
There's no escaping being done before printing out the value of noun, verb, exclusive in the SensitiveWords page.
LightCMS version - v1.3.4
Steps to reproduce -
Navigate to http://lightcms.bituier.com/admin/login & log in to the background with the account admin and password admin.
Navigate to http://lightcms.bituier.com/admin/SensitiveWords/create & add the below-shared payload as the exclusive field value. Payload -
</span><img src=1 onerror=alert(1) /><span>
Visit page http://lightcms.bituier.com/admin/SensitiveWords, the payload will be triggered.
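Added example, not LightCMS's own code: a hypothetical list-page template that interpolates the field value verbatim (the reported behaviour) next to the same template with HTML escaping applied, plus a small html.parser audit that shows what the browser would see in each case. The template string and function names are assumptions for illustration.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the issue: it closes the surrounding <span> and injects an
# element carrying an event-handler attribute.
PAYLOAD = '</span><img src=1 onerror=alert(1) /><span>'

# Hypothetical stand-in for the admin list template (not LightCMS's template).
TEMPLATE = '<td><span class="word">{value}</span></td>'


def render_unescaped(value: str) -> str:
    """The reported behaviour: the field value is interpolated verbatim."""
    return TEMPLATE.format(value=value)


def render_escaped(value: str) -> str:
    """The fix: HTML-escape the value before interpolation. quote=True also
    neutralises " and ' so the value stays inert inside attributes too."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


class _TagAudit(HTMLParser):
    """Collects the elements the parser sees and any on* event-handler attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.lower().startswith("on")]

    def handle_startendtag(self, tag, attrs):
        # Self-closing form, as used by the payload's <img ... />.
        self.handle_starttag(tag, attrs)


def audit(rendered: str) -> dict:
    """Return the element names in document order and any event-handler attributes."""
    parser = _TagAudit()
    parser.feed(rendered)
    return {"tags": parser.tags, "handlers": parser.handlers}


if __name__ == "__main__":
    print(audit(render_unescaped(PAYLOAD)))  # extra 'img' element with an 'onerror' handler
    print(audit(render_escaped(PAYLOAD)))    # only the template's own td/span, no handlers
```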
fix: xss #18
7619d40
Fixed. Thanks for your feedback.