Hi ~ I found an XSS Vulnerability (Stored)
Version : 10.1.02
Author : Noth(沈彧璿)
Step 1 : Log in to the system
Step 2 : /zwiicms/?config/script/body, XSS weakness in the "Editor de script dans Body" store.
Step 3 : Back to the front desk
Don't think so, because of step 1. If you do the same without being logged in, OK.
@fredtempez Hi~ After logging into the system, I found the security problem.
Reporting this security problem, hope you can fix it.
You can try a PHP function like htmlspecialchars to fix it.
You are wrong, it's not a vulnerability because you are logged in and you enter a script as an administrator.
Feel free to do the same without being connected and we will talk about it.
@fredtempez This is a stored XSS, which means that the entry and exit points have not been encoded and escaped to cause this problem.
@fredtempez Close the issue ...