XSS vulnerability stored in the publish blog module of Jfinal_cms V5.1.0

There is a stored XSS vulnerability in JFinal_cms 's publish blog module. An attacker can insert malicious XSS code into the keyword field. When the user views the content of the article in the foreground, the malicious XSS code is triggered successfully.

payload: `" onmouseover="alert(document.cookie)`

<img width="1337" alt="image-20220610223449296" src="https://user-images.githubusercontent.com/30547070/173092484-110b2779-da29-49a1-bc3b-f486bd3c11bc.png">

Successfully executed malicious XSS code:

<img width="1424" alt="image-20220610223306205" src="https://user-images.githubusercontent.com/30547070/173092624-5519d82e-2fb0-4a8e-b750-b507a89e8598.png">



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XSS vulnerability stored in the publish blog module of Jfinal_cms V5.1.0 #39

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development