This repository has been archived by the owner on Dec 26, 2019. It is now read-only.

There is a Stored XSS with EasyCMS #2

Closed
starnightcyber opened this issue Apr 26, 2018 · 4 comments
Comments

@starnightcyber

Stored XSS found when posting an article

Steps To Reproduce:
1. Log in to the backstage:
http://localhost/EasyCMS-master//index.php?s=/admin/login/login.html
2. Before posting an article, you need to create an article classification; now we have class - "a"
3. Then post a new article or edit an existing one
4. No. 1.2.3.4 is a simple test to check whether the field is vulnerable to stored XSS
a) title field
b) keyword field
Then go to the site front page: http://localhost/EasyCMS-master/
c) abstract field
Then click the article to see more
d) content field
The above four fields are prone to stored XSS attack
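
An added example, not part of the issue and not EasyCMS's own code: one way to encode the four reported fields at render time, so that values stored through the admin panel cannot execute on the front page. The function names, array keys and markup are assumptions, and the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical front-page renderer: the field names follow the issue,
// the markup around them is assumed.
function renderArticle(array $a): string
{
    $title    = e($a['title']);
    $keyword  = e($a['keyword']);   // ends up inside a quoted attribute
    $abstract = e($a['abstract']);
    // Assumption: content is shown as plain text. If the editor must keep
    // HTML formatting, pass it through an allowlist HTML sanitizer instead.
    $content  = nl2br(e($a['content']));

    return "<meta name=\"keywords\" content=\"{$keyword}\">\n"
         . "<h1>{$title}</h1>\n"
         . "<p class=\"abstract\">{$abstract}</p>\n"
         . "<div class=\"content\">{$content}</div>\n";
}

// Constructed sample row: one numbered probe per field, as in the report.
$stored = [
    'title'    => '<script>alert(1)</script>',
    'keyword'  => '"><script>alert(2)</script>',
    'abstract' => '<img src=x onerror=alert(3)>',
    'content'  => "line one\n<script>alert(4)</script>",
];

$html = renderArticle($stored);
echo $html;

// Self-check: no raw tag and no attribute breakout survives encoding.
if (preg_match('/<script|<img|content=""/i', $html)) {
    fwrite(STDERR, "unencoded markup reached the page\n");
    exit(1);
}
```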

@chenrui1896

Is an XSS in the admin backend really that harmful?

@jaychenthinkfast
Collaborator

No protection in the management background, we are not going to deal with it

@sqlsec

sqlsec commented Jul 22, 2018

@chenrui1896 CVE accepts this kind of vulnerability; what exists is reasonable.

@chenrui1896

@sqlsec Understood.
