Open
Description
There is a stored cross-site scripting vulnerability in your latest version of the CMS, v1.3.0.
Download link: "http://ahdx.down.chinaz.com/201901/bycms_v1.3.zip"
In BYCMSv1.3.0\application\admin\controller\Document.php, there is no filtering of title in the edit() function:

Vulnerability trigger point
http://bycms/admin.php/document/index/module_id/9/group_id/7.html
1. Log in as admin

2. Choose this part

3. Modify content

4. After editing, refresh the vulnerability trigger point

Fix:
Filter the title parameter
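
One way to apply the fix described above, as an added example that is not BYCMS code and not part of the original report: the title is filtered before it is stored and HTML-encoded again when it is rendered, so rows saved before the fix are covered too. `clean_title`, `html_escape` and `render_row` are hypothetical names, the sample title is constructed, and the `mbstring` extension is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration, not BYCMS code. All function names are hypothetical.

/** Normalise a submitted title before it is stored. */
function clean_title(string $raw, int $maxLen = 120): string
{
    // Reject invalid UTF-8 so later encoding behaves predictably.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('title is not valid UTF-8');
    }
    // A title is plain text: drop markup and control characters.
    $text = strip_tags($raw);
    $text = preg_replace('/[\x00-\x1F\x7F]/u', '', $text) ?? '';
    $text = trim($text);
    if ($text === '') {
        throw new InvalidArgumentException('title is empty after filtering');
    }
    return mb_substr($text, 0, $maxLen, 'UTF-8');
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row of a document list the way an admin view would. */
function render_row(int $id, string $title): string
{
    $t = html_escape($title);
    return sprintf('<tr><td>%d</td><td title="%s">%s</td></tr>', $id, $t, $t);
}

// Constructed sample input: markup submitted in the title field.
$submitted = 'Hello <script>alert(1)</script> "world"';

// Before: stored and echoed as-is, so the browser parses it as HTML.
echo '<tr><td>1</td><td>' . $submitted . '</td></tr>', PHP_EOL;

// After: filtered on input, encoded again on output.
echo render_row(1, clean_title($submitted)), PHP_EOL;

// Rows already in the database are neutralised by the output encoding alone.
echo render_row(2, $submitted), PHP_EOL;
```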