Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

autumn-cms add user has XSS vulnerabilities #89

Open
niuzhi opened this issue Sep 1, 2020 · 0 comments
Open

autumn-cms add user has XSS vulnerabilities #89

niuzhi opened this issue Sep 1, 2020 · 0 comments

Comments

@niuzhi
Copy link

niuzhi commented Sep 1, 2020

Location:cms后台登陆,系统设置->用户管理->添加用户->登录名

image

POC:登录名:<script>alert("hack123")</script>
image

后台代码未进行输入过滤:
@RequestMapping(value = "insert/")
@responsebody
public ResponseMsg insertUser(User user){

    user.setPassword(MD5Util.getMD5(user.getPassword()));
    return userService.insertUser(user);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@niuzhi