Stored-XSS Vulnerability Found in Extension module -> System Announcement
Steps to Reproduce
1、Login the backstage http://localhost/wuzhicms-master/www/index.php?m=core&f=index&v=login&_su=wuzhicms
2、Go to Extension Module -> System Announcement -> Post an new one
3、set to the source code mode, add the following payload to content section <script>alert(document.cookie)</script>
4、Save and see the announcement we just posted
Stored-XSS triggered ...
The text was updated successfully, but these errors were encountered:
starnightcyber
changed the title
Stored-XSS Vulnerability
Stored-XSS Vulnerability(Administrator Privilege)
Apr 24, 2018
Stored-XSS Vulnerability Found in Extension module -> System Announcement
Steps to Reproduce
1、Login the backstage



http://localhost/wuzhicms-master/www/index.php?m=core&f=index&v=login&_su=wuzhicms
2、Go to Extension Module -> System Announcement -> Post an new one
3、set to the source code mode, add the following payload to content section
<script>alert(document.cookie)</script>4、Save and see the announcement we just posted
Stored-XSS triggered ...
The text was updated successfully, but these errors were encountered: