XSS Vulnerability #8

Closed
by zxc7528064 opened 12 months ago · 5 comments
zxc7528064 commented 12 months ago (Migrated from github.com)
Owner

Hi ~ I found an XSS vulnerability (stored).
Version: 10.1.02
Author: Noth(沈彧璿)
Step 1: Log in to the system.
Step 2: /zwiicms/?config/script/body, XSS weakness in the "Editor de script dans Body" store.
(screenshot 4)
Step 3: Back to the front desk.
(screenshot 5)

fredtempez commented 12 months ago (Migrated from github.com)
Owner

Hello,
Don't think so, because of step 1. If you do the same without being logged in, OK.

zxc7528064 commented 12 months ago (Migrated from github.com)
Poster
Owner

@fredtempez Hi~ After logging into the system, I found the security problem.
I am reporting this security problem and hope you can fix it.
You can try a PHP function like htmlspecialchars to fix it.

fredtempez commented 12 months ago (Migrated from github.com)
Owner

You are wrong, it's not a vulnerability because you are logged in and you enter a script as an administrator.
Feel free to do the same without being connected and we will talk about it.

zxc7528064 commented 12 months ago (Migrated from github.com)
Poster
Owner

@fredtempez This is a stored XSS, which means that the entry and exit points have not been encoded and escaped to cause this problem.

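The two positions in the comments above, worked as an added example (not part of the thread and not ZwiiCMS code; the function, field and role names are hypothetical): ordinary text fields are encoded with `htmlspecialchars` at the exit point, while a field meant to hold script is emitted as stored and is restricted at the entry point to an administrator.

```php
<?php
// Added example with constructed data; all names below are hypothetical,
// not ZwiiCMS code.
declare(strict_types=1);

// Fields whose whole purpose is to carry markup or script into the page.
const RAW_FIELDS = ['body_script'];

// Entry point: store the value as typed, but only an administrator may
// write a raw field. Nothing is encoded here.
function saveSetting(array &$store, string $key, string $value, string $role): bool
{
    if (in_array($key, RAW_FIELDS, true) && $role !== 'admin') {
        return false;
    }
    $store[$key] = $value;
    return true;
}

// Exit point: encode for the HTML context at the moment of output.
// ENT_QUOTES also covers single-quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderPage(array $store): string
{
    $title = e($store['site_title'] ?? '');
    // Raw fields are emitted unencoded by design; encoding them would
    // turn the script into visible text and disable the feature.
    $script = $store['body_script'] ?? '';
    return "<h1 title=\"{$title}\">{$title}</h1>\n{$script}\n";
}

$store = [];
// Constructed inputs: a text field with HTML metacharacters, then the
// same script-field write attempted by a non-admin and by an admin.
saveSetting($store, 'site_title', 'Tom & "Jerry" <b>news</b>', 'editor');
$rejected = !saveSetting($store, 'body_script', '<script src="/x.js"></script>', 'editor');
saveSetting($store, 'body_script', '<script src="/stats.js"></script>', 'admin');

echo renderPage($store);
echo $rejected ? "editor write to body_script rejected\n" : "editor write accepted\n";
```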
zxc7528064 commented 12 months ago (Migrated from github.com)
Poster
Owner

@fredtempez Close the issue ...
