Vulnerability file: \Application\Home\Controller\MessageController.class.php
You can see that the XSS vulnerability is not filtered here.
Steps to reproduce the vulnerability:
1. Visit the URL http://www.xxx.com/index.php?m=home&c=message&a=add and use the POST method to pass in parameter values. The specific operation screenshots are as follows:
2. Access the background address http://www.xxx.com/Admin/Message/index/menuId/132 and you can see the popup, which shows the injection succeeded.
Or you can log in to the background, click Extension Tools, and then click Message Management; a popup will appear next.
Repair suggestion:
Use PHP built-in functions such as htmlspecialchars to filter XSS vulnerabilities.
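
The repair suggestion above, shown as an added example that is not part of the original report or the project's code: a stored message rendered into an admin table row without encoding, next to the same row with `htmlspecialchars` applied at output. The function names, the field names `name` and `content`, and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration, not the project's code. The function names, field
// names and the sample message are constructed; the real model may differ.

/** Encode a value for an HTML text node or a quoted attribute value. */
function escHtml($value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Before: stored values are concatenated into the admin page as-is. */
function renderRowUnsafe(array $msg): string
{
    return '<tr><td>' . $msg['name'] . '</td><td title="' . $msg['content']
        . '">' . $msg['content'] . '</td></tr>';
}

/** After: every stored value is encoded at the point of output. */
function renderRowSafe(array $msg): string
{
    return '<tr><td>' . escHtml($msg['name']) . '</td><td title="'
        . escHtml($msg['content']) . '">' . escHtml($msg['content']) . '</td></tr>';
}

// Constructed sample of what a visitor could have submitted.
$stored = [
    'name'    => 'guest',
    'content' => '<script>alert(1)</script> "quoted" & \'single\'',
];

echo "unsafe: ", renderRowUnsafe($stored), PHP_EOL;
echo "safe:   ", renderRowSafe($stored), PHP_EOL;
```

`htmlspecialchars` fits values placed in HTML text and quoted attributes; values written into script blocks or URLs need encoding specific to that context.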