jeecms v9.3 has a stored XSS vulnerability

An issue was discovered in jeecms v9.3. There is a stored XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML.

PoC


Vulnerability trigger point
http://localhost//jeeadmin/jeecms/index.do#/content/update?type=update&id=130&noce_str=F3BR4K6
1. Log in as admin.
[Image 1]
2. Choose this part.
[Image 2]
3. Click the green button to enter this page and insert code.

[Image 3]
4. Submit and view the homepage.
[Image 4]
