Because the data inputed by the user is not effectively filtered, so that attackers can inject javascript code into the HTML page for execution. Anyone who clicks on the page will trigger it
The stored XXS vulnerability exists the admin/index/init.html
POC:
<script>alert('XSS!')</script>
Fix:Filter the site_code parameter
The text was updated successfully, but these errors were encountered:
Because the data inputed by the user is not effectively filtered, so that attackers can inject javascript code into the HTML page for execution. Anyone who clicks on the page will trigger it
The stored XXS vulnerability exists the admin/index/init.html
POC:
<script>alert('XSS!')</script>Fix:Filter the site_code parameter
The text was updated successfully, but these errors were encountered: