
Cross Site Scripting Vulnerability in Latest Release #43

Closed
@HatBoy

Description


Hi, I would like to report a Cross Site Scripting vulnerability in the latest release.

Description:
Cross-site scripting (XSS) vulnerability in the articleDetails() function in app/main/views.py and at line 70 of app/templates/_article_comments.html.

Steps To Reproduce:
1. Select one article details page, like: http://122.152.231.228:8080/article-detials/4
2. Find an article comment or create a new comment.
3. Reply to the comment with an XSS payload as the nickname, like: <script>alert(1)</script>, then submit.
4. Click the reply button to trigger the payload. Using this vulnerability, I can steal admin cookies and more.

Author: jin.dong@dbappsecurity.com.cn
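An added example to illustrate the class of bug the report describes; it is not code from this project or from the reporter. The template shape (the nickname rendered into a `<span>` and also passed as a string argument to an inline `onclick` handler on the reply button) is an assumption drawn from the reproduction steps, not the actual contents of `app/templates/_article_comments.html`, and the function names are hypothetical. It uses only the Python standard library so it runs without Flask or Jinja2; `html.escape` stands in for Jinja2 autoescaping, and `json.dumps` stands in for Flask's `tojson` filter.

```python
import html
import json

# Constructed payloads: the first is the one used in the report, the second
# targets the JavaScript string context of an inline onclick handler.
TAG_PAYLOAD = "<script>alert(1)</script>"
JS_BREAKOUT_PAYLOAD = "'); alert(document.cookie); ('"


def render_comment_vulnerable(nickname: str, body: str) -> str:
    """Assumed shape of the vulnerable partial (not the project's real template):
    the nickname is interpolated into HTML and into an inline onclick handler
    with no encoding, which is what a Jinja2 template does with ``{{ nick|safe }}``
    or with autoescaping disabled."""
    return (
        '<div class="comment">'
        f'<span class="nick">{nickname}</span>'
        f'<p>{body}</p>'
        f'<button onclick="reply(\'{nickname}\')">Reply</button>'
        '</div>'
    )


def render_comment_hardened(nickname: str, body: str) -> str:
    """Context-aware encoding for the same markup.

    HTML text context: html.escape, the equivalent of Jinja2 autoescape.
    JS string inside an HTML attribute: serialise the value as a JSON string
    literal (so quotes and backslashes are JS-escaped), then HTML-escape the
    result because the handler lives inside a double-quoted attribute.
    Flask's ``tojson`` filter is the template-level counterpart of json.dumps here."""
    safe_nick = html.escape(nickname, quote=True)
    safe_body = html.escape(body, quote=True)
    js_arg = html.escape(json.dumps(nickname), quote=True)
    return (
        '<div class="comment">'
        f'<span class="nick">{safe_nick}</span>'
        f'<p>{safe_body}</p>'
        f'<button onclick="reply({js_arg})">Reply</button>'
        '</div>'
    )


def onclick_value(markup: str) -> str:
    """Return the raw text of the first onclick="..." attribute in ``markup``.
    Used to check whether user input can terminate the attribute or the
    JS string literal inside it."""
    marker = 'onclick="'
    start = markup.index(marker) + len(marker)
    end = markup.index('"', start)
    return markup[start:end]


def has_raw_tag(markup: str, tag: str = "script") -> bool:
    """True if an unescaped opening tag survives in the rendered output."""
    return f"<{tag}" in markup.lower()


if __name__ == "__main__":
    for payload in (TAG_PAYLOAD, JS_BREAKOUT_PAYLOAD):
        print("vulnerable:", render_comment_vulnerable(payload, "hello"))
        print("hardened:  ", render_comment_hardened(payload, "hello"))
```

In the vulnerable rendering the first payload lands as a live `<script>` element and the second closes the JS string literal inside `onclick` and runs arbitrary code; in the hardened rendering neither payload contains a raw `<`, `'` or `"` in any context, so both are inert text. The report says the payload fires only when the reply button is clicked, which points at an attribute or JavaScript context rather than the visible nickname text, so a fix that only removes `|safe` from the displayed name may leave the reply handler exposed; the value passed into the handler needs its own JS-aware encoding.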
