Wonderful works of CMS! I found safety problems on the website in management settings:
Cross-site scripting (XSS) vulnerabilities stored in the Site Name field found on the "Configuration" page under the "Carousel" menu of WistyCMS 0.6.2 allow remote attacks.
payload:
" onclick="alert(1)"
JavaScript gets executed. Here's an output of the mentioned payload when entered and saved.
The input label property becomes the property of the input box, and the JS code under the "onclick" property is executed when the input box is clicked.
Enter the code in the two input boxes.
Click on the "Envoyer" button to submit and find that the input code has successfully become the attribute of the label.
See that both pieces of code are successfully executed.
apps\slideshow\admin\main.php
——中科卓信软件测评技术中心
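The attribute breakout described in the report, shown next to the output-encoding fix, as an added example that is not part of the original issue and is not the project's code. The `site_name` field name and the three helper functions are hypothetical; the stored value is the payload quoted in the report.

```php
<?php
// Added illustration, not the CMS's code. Field name and helpers are hypothetical.

// Constructed sample: the value from the report, as it would come back from storage.
$stored = '" onclick="alert(1)"';

// Vulnerable pattern: the stored value is concatenated into a double-quoted attribute,
// so its leading quote closes value="" and the rest is parsed as a new attribute.
function render_unsafe(string $value): string
{
    return '<input type="text" name="site_name" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles, so the value cannot end the attribute.
function render_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="site_name" value="' . $encoded . '">';
}

// Parse the markup with an HTML parser and list the attributes found on <input>.
function input_attributes(string $html): array
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$rendered = ['unsafe' => render_unsafe($stored), 'safe' => render_safe($stored)];
foreach ($rendered as $label => $html) {
    $attrs = input_attributes($html);
    // Any attribute whose name starts with "on" is an event handler the field should not have.
    $handlers = array_filter(array_keys($attrs), fn($n) => strncmp($n, 'on', 2) === 0);
    printf("%-6s %s\n", $label, $html);
    printf("       value=%s handlers=[%s]\n",
        var_export($attrs['value'] ?? '', true), implode(',', $handlers));
}
```

The same attribute check can be used as a regression test on the rendered "Configuration" form after a fix is applied to the template or to `apps\slideshow\admin\main.php`.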