
Stored XSS vulnerability in the add-video page of the site admin backend (There is a cross-site scripting (XSS) vulnerability in adding videos) #746

Closed
jelly0930 opened this issue Nov 11, 2021 · 2 comments
Labels
enhancement New feature or request

Comments


jelly0930 commented Nov 11, 2021

In the add-video form of the site admin backend, XSS code can be inserted at parameter positions including the name, remarks and so on.


The inserted XSS code is also executed on the front end, so it affects all users who visit the site.


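Although this stored XSS sits in the admin backend, once the vulnerability is exploited, many front-end users will be attacked.

In addition, the add-article form in the backend has the same problem.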

jelly0930 changed the title Nov 11, 2021 (removed a stray character from the Chinese title)
jelly0930 changed the title from "Stored XSS vulnerability in the add-video page of the site admin backend" to "Stored XSS vulnerability in the add-video page of the site admin backend (There is a cross-site scripting (XSS) vulnerability in adding videos)" Nov 12, 2021
@dadawang88

This is a hole that this jerk left in on purpose, to make it easy for resource sites to plant malicious code.

@magicblack magicblack added the enhancement New feature or request label Nov 17, 2021
@magicblack
Owner

Thanks for the feedback; this will be fixed in a single consolidated pass.
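
The pattern reported in this issue, as an added example that is not code from this project or from any participant in the thread: stored `name` and `remarks` values interpolated into front-end HTML as-is, next to output encoding for both the element and attribute context, plus a heuristic review of rows saved before a fix. The field names follow the report; the row layout, the `id` field, the HTML template and the audit pattern are assumptions.

```python
import html
import re

# Constructed rows standing in for records saved through the add-video form.
# "name" and "remarks" follow the report; "id" is an assumption.
ROWS = [
    {"id": 1, "name": "Holiday trailer", "remarks": "HD & subtitles"},
    {"id": 2, "name": "<script>alert(1)</script>", "remarks": "ok"},
    {"id": 3, "name": "Clip", "remarks": '" onmouseover="alert(1)'},
]

def render_unsafe(row):
    """The reported pattern: stored values interpolated into HTML as-is."""
    return '<li title="%s">%s</li>' % (row["remarks"], row["name"])

def render_safe(row):
    """Encode on output; quote=True also encodes " and ' for attribute values."""
    name = html.escape(row["name"], quote=True)
    remarks = html.escape(row["remarks"], quote=True)
    return '<li title="%s">%s</li>' % (remarks, name)

# Heuristic for reviewing rows stored before the fix: tag openers,
# inline event handlers and javascript: URLs. Hits need a human look.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)

def audit(rows, fields=("name", "remarks")):
    """Return (id, field) pairs whose stored value looks like markup."""
    return [(r["id"], f) for r in rows for f in fields
            if SUSPICIOUS.search(r[f])]

if __name__ == "__main__":
    for row in ROWS:
        print(render_safe(row))
    print("review:", audit(ROWS))
```

Encoding at output time neutralizes rows that were already stored with markup in them, which input filtering added later would not; the audit list shows which records were tampered with.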
