There is a Stored-XSS vulnerability in Dswjcms 1.6.4 #4

Open
5huai opened this issue May 14, 2019 · 1 comment
5huai commented May 14, 2019

A Stored-XSS vulnerability exists in Dswjcms 1.6.4, allowing a remote attacker to execute HTML or JavaScript code via index.php/Dswjcms/Basis/links.

PoC: "><script>alert(/xss/)</script><a
Add a Friendship Links
Execute JavaScript code

tifaweb (Owner) commented May 15, 2019

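The backend does no SQL injection filtering, and the backend permission model is also the simplest possible, so the open-source version is very easy to SQL-inject. This project is also no longer maintained, the TP version is too old, and the domestic market is not doing well either.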
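
For the stored XSS reported in this issue, the mitigation is to encode the link fields when they are rendered and to restrict the URL scheme. The PHP below is an added example, not Dswjcms code and not from either commenter; the field names `name` and `url`, the helper names, and the assumption that the stored value lands inside a double-quoted attribute (as the PoC's leading `">` suggests) are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the real Dswjcms template and field names are not shown in the issue.

/** Escape a value for HTML text or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http(s) URLs; return null for anything else. */
function safe_link_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // FILTER_VALIDATE_URL alone accepts other schemes, so allowlist explicitly.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Unsafe pattern: stored values are concatenated into markup as-is. */
function render_link_unsafe(array $link): string
{
    return '<a href="' . $link['url'] . '">' . $link['name'] . '</a>';
}

/** Hardened: URL scheme allowlist plus escaping at output time. */
function render_link_safe(array $link): string
{
    $url = safe_link_url($link['url']);
    if ($url === null) {
        return e($link['name']); // invalid URL: show the name as plain text only
    }
    return '<a href="' . e($url) . '" rel="noopener noreferrer">' . e($link['name']) . '</a>';
}

// Constructed sample record using the PoC string from the report in both fields.
$poc = '"><script>alert(/xss/)</script><a';
$stored = ['name' => $poc, 'url' => $poc];

echo render_link_unsafe($stored), PHP_EOL; // quote closes the attribute, markup is injected
echo render_link_safe($stored), PHP_EOL;   // URL rejected, name emitted as encoded text
```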
