Open
Description
An issue was discovered in yunucms 1.1.5 There is a stored XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML.
POC
<script>alert(123)</script>
Vulnerability trigger point
http://localhost/index.php/admin/category/editcategory?id=73
1.Log in as admin

2.Choose this part

3.Insert code

4.Click on the submit button and refresh

Metadata
Metadata
Assignees
Labels
No labels