Hi, I would like to report a Cross-Site Scripting vulnerability in the latest release.
Description:
![1](https://user-images.githubusercontent.com/8274796/54326247-d19ba300-4640-11e9-83ee-3ef69ef9adfd.png)
![2](https://user-images.githubusercontent.com/8274796/54326249-d6f8ed80-4640-11e9-9079-70899f74deb9.png)
Cross-site scripting (XSS) vulnerability in the articleDetails() function in app/main/views.py and at line 70 of app/templates/_article_comments.html.
Steps To Reproduce:
1. Select an article's details page, e.g. http://122.152.231.228:8080/article-detials/4
2. Find an article comment or create a new comment.
3. Reply to the comment with an XSS payload as the nickname, e.g. `<script>alert(1)</script>`, then submit.
4. Click the reply button to trigger the payload. Using this vulnerability, I can steal admin cookies and more.
Author: jin.dong@dbappsecurity.com.cn
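
An added example, not part of the original report and not the project's own code: a stdlib-only Python sketch of the two controls that stop a nickname like the one in step 3 from executing, an allowlist check when the reply is submitted and HTML escaping when it is rendered. The function names, the nickname policy, the markup and the `data-nickname` reply button are assumptions made for illustration.

```python
import html
import re

# Constructed sample: a stored reply whose nickname is the payload quoted in the report.
SAMPLE_REPLY = {"nickname": "<script>alert(1)</script>", "body": "nice post"}

# Hypothetical nickname policy: word characters (Unicode-aware), space, dot, hyphen; 1-32 chars.
NICKNAME_RE = re.compile(r"[\w .\-]{1,32}")


def is_valid_nickname(nickname: str) -> bool:
    """Input-side control: reject nicknames that contain markup characters."""
    return NICKNAME_RE.fullmatch(nickname) is not None


def render_reply_unsafe(reply: dict) -> str:
    """The flawed pattern: user-controlled fields concatenated into HTML as-is."""
    return (
        '<div class="reply"><b>' + reply["nickname"] + "</b>: " + reply["body"]
        + '<button class="reply-btn" data-nickname="' + reply["nickname"] + '">Reply</button></div>'
    )


def render_reply_safe(reply: dict) -> str:
    """Output-side control: escape every user-controlled field at render time.

    quote=True also escapes " and ', which matters for the attribute value
    on the (assumed) reply button, not only for the element body.
    """
    nickname = html.escape(reply["nickname"], quote=True)
    body = html.escape(reply["body"], quote=True)
    return (
        f'<div class="reply"><b>{nickname}</b>: {body}'
        f'<button class="reply-btn" data-nickname="{nickname}">Reply</button></div>'
    )


if __name__ == "__main__":
    print("accepted at submit:", is_valid_nickname(SAMPLE_REPLY["nickname"]))
    print("unsafe:", render_reply_unsafe(SAMPLE_REPLY))
    print("safe:  ", render_reply_safe(SAMPLE_REPLY))
```

In a Flask application, Jinja2 autoescaping already applies this escaping to `{{ ... }}` expressions in `.html` templates, so the places to review are values marked `|safe` and any client-side script that writes the nickname into the page when the reply button is clicked.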