An issue was discovered in Hsycms V1.1 . There is an XSS vulnerability via /book page

1. The attacker opens http://127.0.0.1/book/, and enters the following at the name.
"><img src=1 onerror=alert(location.href)> 

  

 

2.The vulnerability is triggered when administrators view messages.

 

 

 
posted @ 2019-02-17 00:24  Se7en呦  阅读(...)  评论(... 编辑 收藏