An issue was discovered in Hsycms V1.1 . There is an XSS vulnerability via /book page

1. The attacker opens http://127.0.0.1/book/, and enters the following at the name.
 
"><img src=1 onerror=alert(location.href)>

  

 

2.The vulnerability is triggered when administrators view messages.

 

 

 
posted @ 2019-02-17 00:24  00000007  阅读(1543)  评论(0编辑  收藏  举报