Description
XSS vulnerability in u5cms version 8.3.5
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
When I access the default home page on the web, if the parameter passed in is /? "Onmouseover=%27tzgl (96502)%27bad=", it can be found that the passed in parameters appear in the href attribute of a tag in the page.
Then view the source code,you can find the entered parameters and their existence in the href attribute of the a tag
If the parameter passed in is a payload carefully constructed by the attacker, it may cause more serious HTML injection. And if possible, I strongly suggest you check more carefully whether the parameters entered by the user are legal when handling user input and output in the program.
Best wishes!

