JPressProjects / jpress

JPress, a website-building tool developed in Java. More than 100,000 websites are currently powered by JPress, including several government agencies, 200+ listed companies, the Chinese Academy of Sciences, the Red Cross and others.
http://www.jpress.cn
GNU Lesser General Public License v3.0

There is a stored XSS vulnerability in the template module #152

Closed. ghost closed this 3 years ago

ghost commented 3 years ago

There is a stored XSS vulnerability in the template module. The figure shows the settings screen of template management, which is used to describe the left part of the home page. URL: http://localhost:8080/admin/template/setting

After entering the payload shown in the figure above, any user who opens the home page will trigger the XSS vulnerability.

However, if hackers get into the admin backend by means of a weak password and add XSS code, they can easily cause great harm: hijacking cookies, obtaining sensitive information, phishing and so on.

Similarly, there is a stored XSS vulnerability in commodity tag management, which can be successfully triggered on the commodity page.
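As an added example (this is not JPress code; the class and method names `TagXssGuard`, `validatePlainText` and `renderTagSpan` are hypothetical), the two controls a defender would put around the fields named in this report: a value that is plain text by definition, such as a product tag name, is rejected at save time if it carries markup characters and is HTML-encoded when it is rendered into the product page, so that a stored value is always treated as data rather than as template source. Fields that are meant to hold raw template HTML are deliberately kept off this path and rely on admin-only access instead.

```java
import java.util.regex.Pattern;

/**
 * Added example, not part of JPress. Shows save-time validation and
 * render-time encoding for plain-text fields such as tag names.
 */
public class TagXssGuard {

    /** Encode the characters that carry meaning in HTML text and quoted attributes. */
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Characters that can open a tag, terminate an attribute or start an entity. */
    private static final Pattern MARKUP_CHARS = Pattern.compile("[<>&\"']");

    /**
     * Save-time check for a field defined as plain text (e.g. a tag name).
     * Returns null when the value is acceptable, otherwise a message for the admin UI.
     * Fields that intentionally store HTML (the admin-only template code the
     * maintainer refers to below) must not be routed through this check.
     */
    public static String validatePlainText(String value, int maxLen) {
        if (value == null || value.trim().isEmpty()) {
            return "value is required";
        }
        if (value.length() > maxLen) {
            return "value exceeds " + maxLen + " characters";
        }
        if (MARKUP_CHARS.matcher(value).find()) {
            return "markup characters are not allowed in this field";
        }
        return null;
    }

    /**
     * Render-time helper for the product page. Even a value that slipped past
     * validation (older rows, direct database edits) is rendered inert because
     * it is encoded here rather than pasted into the template as-is.
     */
    public static String renderTagSpan(String tagName) {
        return "<span class=\"tag\">" + escapeHtml(tagName) + "</span>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one with markup, one ordinary tag name.
        String hostile = "sale<script>alert(1)</script>";
        String benign = "winter sale";

        System.out.println("validate: " + validatePlainText(hostile, 64));
        // prints: validate: markup characters are not allowed in this field
        System.out.println("render:   " + renderTagSpan(hostile));
        // prints: render:   <span class="tag">sale&lt;script&gt;alert(1)&lt;/script&gt;</span>

        System.out.println("validate: " + validatePlainText(benign, 64));
        // prints: validate: null
        System.out.println("render:   " + renderTagSpan(benign));
        // prints: render:   <span class="tag">winter sale</span>
    }
}
```

The save-time check is the user-facing control; the render-time encoding is the one that actually prevents the stored XSS, because it does not depend on every write path having gone through validation. For the template-settings field, where the maintainer's position is that administrators are allowed to edit code, the mitigation is not encoding but least privilege: only trusted accounts with strong authentication should reach that screen, which is exactly the assumption the weak-password scenario in the report undermines.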

JPressProjects commented 3 years ago

This is not a problem; the admin backend itself allows editing code.