Description:
A cross-site scripting (XSS) vulnerability in BlogCMS may allow a remote attacker to inject arbitrary web scripts through the source editor, which may result in the attacker obtaining cookies from other administrators and logging into a website backend account.
First, browse the website and click on a blog to comment on it.
According to the next picture, the comment contains malicious JavaScript code.
Now, log in to the website backend as the administrator and view the comments.
The backend management interface will pop up the administrator's cookie.
Impact:
Any user who leaves a message on the website can use this to perform operations, and may hijack an administrator's cookies.
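The mitigation for the flow reported above, as an added example that is not BlogCMS code: the comment list in the admin backend rendered without and with output encoding, plus a session cookie that script cannot read. All function names, the cookie name and the sample comment are hypothetical, and it assumes comments are meant to be shown as plain text.

```javascript
// Added example: every name below is hypothetical, not taken from BlogCMS.

// Encode the five characters that let stored text break out of HTML
// element content or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  // Single pass, so an "&" produced by an earlier replacement is never re-encoded.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": stored comment fields are concatenated into the admin page as markup.
function renderCommentRowUnsafe(comment) {
  return `<tr><td>${comment.author}</td><td>${comment.body}</td></tr>`;
}

// "After": every stored field is encoded at output time, in the backend view too.
function renderCommentRowSafe(comment) {
  return `<tr><td>${escapeHtml(comment.author)}</td><td>${escapeHtml(comment.body)}</td></tr>`;
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie,
// so script running in the admin page cannot read it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Check used below: does the rendered row contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment with an inert script body.
const sampleComment = {
  author: 'visitor',
  body: 'Nice post <script>/* constructed marker */</script>',
};

function demo() {
  return {
    unsafe: renderCommentRowUnsafe(sampleComment),
    safe: renderCommentRowSafe(sampleComment),
    cookie: sessionCookieHeader('SESSION', 'constructed-session-id'),
  };
}

console.log(demo());
```

If comments must keep formatting entered through the source editor, encoding alone is not enough and an allowlist HTML sanitizer is needed before the markup is stored or rendered.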