There is a stored XSS vulnerability in the feedback function module of jfinal_cms V5.1.0
There is a stored XSS vulnerability in the feedback function of jfinal_cms. An attacker can insert malicious XSS code into the feedback content. When the administrator views the feedback list in the admin back end, the malicious XSS code is triggered.
First, register a test user, then open the feedback page and insert malicious XSS code into the feedback content.
Then, when the administrator views the feedback in the admin back end, the malicious XSS code is triggered. There is no need to click on the corresponding feedback entry; loading the list page is enough to trigger it.
Administrators view the feedback list:
Successfully executed malicious XSS code:
Safety advice:
Strictly filter user input.
Strictly control the content rendered into the page.
Payload used in the feedback content: 111"><script>alert(document.cookie)</script>