There is a stored XSS vulnerability in the website settings telephone field
Reported by Shiyan
Version:
CMS MaeloStore V.1.5.0
Download link:
https://github.com/maelosoki/MaeloStore
Vulnerability analysis:
The website does not filter the search bar parameter, so a stored XSS vulnerability exists: the saved value is written into the page unescaped and executes in the browser of anyone who loads it.
Steps To Reproduce:
1. Log in to the admin backend:
http://127.0.0.1/MaeloStore/admin/
2. In the sidebar open Pengaturan --> Website, then click Website.
3. Go to the Telephone column, set the content field to the following payload, and save:
<img src=x onerror=alert(/shiyan/)>
4. Return to the home page; the payload is rendered there and the vulnerability triggers.
Note: because the payload is stored in the site settings and rendered on the public home page, a malicious user with access to this setting can exploit it against every visitor, not only the administrator who saved it.
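The rendering defect behind the steps above, as an added example that is not MaeloStore's own code: a minimal hypothetical PHP helper showing the vulnerable pattern (the stored telephone setting echoed into HTML unescaped) next to the hardened version, which HTML-encodes the value at output time and, as defence in depth, validates the telephone value on save so markup never reaches the database. The function names, the setting key and the surrounding markup are assumptions; the sample input is the payload from the advisory.

```php
<?php
// Added example with hypothetical helper names; not MaeloStore code.
// Assumption: the admin form stores the telephone value under a settings
// key such as 'telepon' and the public template prints it in the header.

// Constructed sample input: the payload from the advisory, as it would sit
// in the settings table after step 3.
$storedSetting = '<img src=x onerror=alert(/shiyan/)>';

// Vulnerable pattern: the stored value is concatenated straight into the
// HTML body, so the browser parses the <img> tag and runs its onerror handler.
function renderTelephoneVulnerable(string $value): string
{
    return '<span class="phone">' . $value . '</span>';
}

// Fix 1, output encoding: encode for the HTML context at render time.
// ENT_QUOTES also encodes ' and " so the same helper is safe inside
// attribute values; the explicit charset avoids double-encoding surprises.
function renderTelephoneSafe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<span class="phone">' . $encoded . '</span>';
}

// Fix 2, input validation on save (defence in depth, not a replacement for
// output encoding): a telephone number only needs digits, spaces and the
// characters + - ( ) . so anything else, including < and >, is rejected
// before it is written to the settings table.
function isValidTelephone(string $value): bool
{
    return (bool) preg_match('/^\+?[0-9 ()\-.]{3,30}$/', $value);
}

// Vulnerable output: the <img> tag survives and the handler executes.
echo renderTelephoneVulnerable($storedSetting), PHP_EOL;

// Hardened output: the angle brackets are encoded, so the payload is shown
// as inert text instead of being parsed as markup.
echo renderTelephoneSafe($storedSetting), PHP_EOL;

// Validation: the payload is refused on save, a normal number is accepted.
var_dump(isValidTelephone($storedSetting));
var_dump(isValidTelephone('+62 (21) 555-0100'));
```

The encoding fix is the one that actually closes the hole, because it is applied where the value meets the HTML parser; the validation rule only narrows what an administrator account can store and should be treated as a second layer, since other settings fields (site name, address, footer text) will legitimately need characters a telephone regex rejects and must rely on output encoding alone.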


