Version: <=4.3.1
My English is not good, the report is translated by Google.
Recurring vulnerabilities:
Vulnerability URL: http://127.0.0.1:8000/admin/blog/blogpost/add/
When adding a blog, use Burp Suite to capture the package, modify the title to test<svg/onload=alert(1)> and set the content to <svg>.
Return to http://127.0.0.1:8000/blog/ to trigger the XSS.
The vulnerability is caused by the description_from_content function of core/models.py, line 184, where the value of title is called, resulting in XSS.
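The pattern the report describes, next to an escaped variant, as an added example that is not Mezzanine's code and not part of the original report. It assumes that a description falls back to the title when the content yields no text and that the listing page renders the description as trusted HTML; `text_only`, `description_unsafe`, `description_safe` and `render_listing` are hypothetical names.

```python
import html
from html.parser import HTMLParser

# Values from the report above.
REPORTED_TITLE = "test<svg/onload=alert(1)>"
REPORTED_CONTENT = "<svg>"


class TextOnly(HTMLParser):
    """Collects text nodes and drops every tag and attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def text_only(markup):
    parser = TextOnly()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts).strip()


def description_unsafe(title, content):
    # Assumed flow: content with no text falls back to the raw title.
    return text_only(content) or title


def description_safe(title, content):
    # Same fallback, but the result is escaped for an HTML text context.
    return html.escape(text_only(content) or title, quote=True)


def render_listing(description):
    # Hypothetical listing template that trusts the description as HTML.
    return '<p class="description">' + description + "</p>"


if __name__ == "__main__":
    for build in (description_unsafe, description_safe):
        print(build.__name__, render_listing(build(REPORTED_TITLE, REPORTED_CONTENT)))
```

Escaping belongs at the point where the value enters the HTML context, so any field that can reach the description (title included) is covered by the same call.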