There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS v1.3.0
Download link: "http://ahdx.down.chinaz.com/201901/bycms_v1.3.zip"
In the BYCMSv1.3.0\application\admin\controller\Document.php, No filtering to title in the edit( ) function:
Vulnerability trigger point http://bycms/admin.php/document/index/module_id/9/group_id/7.html
1、Log in as admin
2、Choose this part
3、Modify content
4、Edited the refresh vulnerability trigger point
Fix:
Filter the title parameter
The text was updated successfully, but these errors were encountered:
Richard1266
changed the title
Bug:V3.0.4 Cross Site Scripting Vulnerability
Bug:V1.3.0 Cross Site Scripting Vulnerability
Apr 8, 2019
There is an Stored Cross Site Scripting vulnerability in your latest version of the CMS v1.3.0







Download link: "http://ahdx.down.chinaz.com/201901/bycms_v1.3.zip"
In the BYCMSv1.3.0\application\admin\controller\Document.php, No filtering to title in the edit( ) function:
Vulnerability trigger point
http://bycms/admin.php/document/index/module_id/9/group_id/7.html
1、Log in as admin
2、Choose this part
3、Modify content
4、Edited the refresh vulnerability trigger point
Fix:
Filter the title parameter
The text was updated successfully, but these errors were encountered: