A xss vulnerability was discovered in newest zblogphp.
There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML in background web site settings: POC:
In the copyright information office,insert<img src=1 onerror=alert(1)>
Then access the website home page to trigger the vulnerability:
The text was updated successfully, but these errors were encountered:
A xss vulnerability was discovered in newest zblogphp.


There is a persistent XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML in background web site settings:
POC:
In the copyright information office,insert
<img src=1 onerror=alert(1)>Then access the website home page to trigger the vulnerability:
The text was updated successfully, but these errors were encountered: