Hi, I would like to report a Cross Site Scripting vulnerability in YzmCMS V5.2.

Description:
Cross-site scripting (XSS) vulnerability in search pages; you can inject arbitrary web script or HTML via multiple parameters.
In content.class.php, row 42, there is no filtering of the searinfo parameter.

Steps To Reproduce:

1. Login to the administrator panel.
2. Open the URL below in a browser which supports flash.
url: http://192.168.127.130/yzmcms/admin/content/search.html?m=admin&c=content&a=search&modelid=1&catid=0&start=&end=2018-11-08&flag=0&status=99&type=1&searinfo={xsspayload}&dosubmit=1
eg:
xsspayload="><script>alert(1)</script>

Fix:
Filter the searinfo parameter.
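The fix the report asks for, as an added example that is not YzmCMS code: a hypothetical PHP search-form renderer that reflects the searinfo value into an input attribute, shown in its unescaped form beside a hardened version that HTML-encodes the value at the output point (the function names and markup are assumptions, and the sample input is constructed from the payload in the report).

```php
<?php
// Added example, not YzmCMS code: a hypothetical renderer that reflects the
// user-supplied `searinfo` parameter back into the search form's value attribute.

// Vulnerable variant: the raw parameter is interpolated unescaped, so a value
// that begins with "> closes the attribute and the rest is parsed as markup.
function render_search_box_unsafe(string $searinfo): string
{
    return '<input type="text" name="searinfo" value="' . $searinfo . '">';
}

// Hardened variant: HTML-encode the value for the attribute context it lands in.
// ENT_QUOTES encodes both " and ' so the attribute cannot be closed early;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_search_box_safe(string $searinfo): string
{
    $escaped = htmlspecialchars($searinfo, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="searinfo" value="' . $escaped . '">';
}

// Constructed input mirroring the payload from the report above.
$payload = '"><script>alert(1)</script>';

$unsafe = render_search_box_unsafe($payload);
$safe   = render_search_box_safe($payload);

// The unsafe output carries a live <script> element; the safe output carries
// only the entity-encoded text, which the browser renders as the literal value.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('unexpected: unsafe renderer did not reflect the tag');
}
if (strpos($safe, '<script>') !== false) {
    throw new RuntimeException('escaping failed: tag survived in the safe output');
}
if (strpos($safe, '&quot;&gt;&lt;script&gt;') === false) {
    throw new RuntimeException('escaping failed: expected entity-encoded payload');
}

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

Encoding at the point of output, for the context the value lands in (here an HTML attribute), is what neutralises the payload; a blocklist applied on input alone is harder to keep complete and rejects legitimate searches that contain quotes or angle brackets.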
Doing it this way in the admin backend doesn't seem very useful, does it?