An issue was discovered in WUZHI CMS 4.1.0. There is a persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the `tag[tag]` parameter in a POST to `/index.php?m=tags&f=index&v=add&&_su=wuzhicms&_menuid=?&_submenuid=?`
The attacker can add a new TAGS entry with the XSS payload after logging in as a website editor (a role whose privilege is lower than the administrator's).
By exploiting the vulnerability, a website editor can steal the cookies when the administrator browses the TAGS Management and activates the XSS code.
POC:
Inject the XSS payload: `<script>alert(/xss/)</script>`
Cass203 changed the title from "There is a persistent XSS vulnerability that can steal the cookies of the administrator" to "There is a persistent XSS vulnerability" on Apr 18, 2018
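
The defensive side of this report, as an added example (not WUZHI CMS code and not from the issue author): a tag listing that concatenates the stored name into HTML, next to one that encodes it at output time, plus HttpOnly session-cookie parameters that limit the cookie theft described above. The function names, row layout and sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for tag names an editor submitted
// through the tag[tag] field. The second is the PoC string from the report.
$tags = [
    ['id' => 1, 'tag' => 'security'],
    ['id' => 2, 'tag' => '<script>alert(/xss/)</script>'],
];

// Hypothetical helper: encode a stored value for an HTML text or attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored tag name is concatenated into markup unchanged,
// so it is parsed as HTML when an administrator opens the listing.
function renderTagRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['id'] . '</td><td>' . $row['tag'] . '</td></tr>';
}

// Hardened pattern: encode at output time, whatever was stored.
function renderTagRowSafe(array $row): string
{
    return '<tr><td>' . (int) $row['id'] . '</td><td>' . h((string) $row['tag']) . '</td></tr>';
}

// Defence in depth: a session cookie flagged HttpOnly cannot be read from
// document.cookie, so injected script cannot copy it.
function hardenedSessionCookieParams(): array
{
    return ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

foreach ($tags as $row) {
    echo 'unsafe: ', renderTagRowUnsafe($row), PHP_EOL;
    echo 'safe:   ', renderTagRowSafe($row), PHP_EOL;
}

// In the application bootstrap, before session_start() (array form needs PHP 7.3+):
// session_set_cookie_params(hardenedSessionCookieParams());
```

Output encoding is the fix for the injection itself; the HttpOnly flag only narrows what a script that does run can take.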