XSS Vulnerability #8

Closed
opened 2 years ago by zxc7528064 · 5 comments
zxc7528064 commented 2 years ago (Migrated from github.com)
Owner

Hi ~ I found an XSS vulnerability (stored)
Version : 10.1.02
Author : Noth(沈彧璿)
Step 1 : log in to the system
Step 2 : /zwiicms/?config/script/body, XSS weakness in the "Editor de script dans Body" store.
[Image: 4]
Step 3 : Back to the front desk
[Image: 5]

fredtempez commented 2 years ago (Migrated from github.com)
Owner

Hello,
Don't think so, because of step 1. If you do the same without being logged in, OK.

zxc7528064 commented 2 years ago (Migrated from github.com)
Owner

@fredtempez Hi~ After logging into the system, I found the security problem.
I am reporting this security problem and hope you can fix it.
You can try a PHP function like htmlspecialchars to fix it.

fredtempez commented 2 years ago (Migrated from github.com)
Owner

You are wrong, it's not a vulnerability because you are logged in and you enter a script as an administrator.
Feel free to do the same without being connected and we will talk about it.

zxc7528064 commented 2 years ago (Migrated from github.com)
Owner

@fredtempez This is a stored XSS, which means that the entry and exit points have not been encoded and escaped to cause this problem.
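
Added example, not part of the thread and not Zwii code: what encoding at the "exit point" with `htmlspecialchars`, as suggested in the comments above, looks like for a stored value. The helper name `e()` and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Zwii code): encode a stored value at the exit
// point, i.e. when it is written into an HTML text node or quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES also encodes ' (the default flags only do so from PHP 8.1 on).
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data standing in for values read back from storage.
$stored = [
    'title'   => 'News <script>alert(1)</script>',
    'tooltip' => "x' onmouseover='alert(1)",
];

// Unencoded output: the stored markup reaches the browser as markup.
$raw = "<h1>{$stored['title']}</h1>";

// Encoded output: the same values are rendered as inert text, both in the
// element body and inside a single-quoted attribute.
$safe = '<h1>' . e($stored['title']) . '</h1>'
      . "<span title='" . e($stored['tooltip']) . "'>?</span>";

echo $raw, PHP_EOL, $safe, PHP_EOL;
```

This encoding applies to values meant to be displayed as text. A field whose purpose is to emit script, as described in the comments above, cannot be encoded this way and depends on who is allowed to write to it.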

zxc7528064 commented 2 years ago (Migrated from github.com)
Owner

@fredtempez Close the issue ...
