Description
Typecho comments URL with Stored-XSS vulnerability.
1.Comment on an article in any capacity with xss payload.
2.In Comments /usr/themes/default/comments.php,The url parameter filters only the beginning without any other protection, and directly echoed to html.
3.XSS is triggered when the site is visited again.
Influenced Version
Typecho <= 1.2.0
Description

Typecho comments URL with Stored-XSS vulnerability.
1.Comment on an article in any capacity with xss payload.
2.In Comments
/usr/themes/default/comments.php,The url parameter filters only the beginning without any other protection, and directly echoed to html.3.XSS is triggered when the site is visited again.
POC
POST
/index.php/archives/1/commentwith:The full POC request:
or type directly into the website below then commit:

The text was updated successfully, but these errors were encountered: