JPressProjects / jpress

JPress is a website-building tool developed in Java. It currently powers 100,000+ websites, including several government agencies, 200+ listed companies, the Chinese Academy of Sciences, the Red Cross Society, and others.
http://www.jpress.cn
GNU Lesser General Public License v3.0

There is a stored xss via /starter-tomcat-1.0/admin/setting #89

Closed tcsecchen closed 5 years ago

tcsecchen commented 6 years ago

Hello, my nickname is isecream. I found three stored XSS in the form.

First, access the page:

[screenshot]

Then use the payload: "><svg/onload=alert(1)>

When I submit:

[screenshots]
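The report above shows a value submitted through the settings form being echoed back into the page. The following is an added example (not JPress code and not the reporter's) showing why that payload breaks out of an HTML attribute when the stored value is concatenated unencoded, and how encoding for the attribute context neutralises it; the field name site_title is an assumption for illustration.

```java
// Added example, not part of JPress: vulnerable vs. hardened rendering of a
// stored setting value inside an HTML attribute.
public class SettingRenderDemo {

    // Constructed sample input: the payload from the report.
    static final String PAYLOAD = "\"><svg/onload=alert(1)>";

    // Vulnerable pattern: the stored value is concatenated straight into
    // a value="..." attribute. The leading "> closes the attribute and the
    // tag, so the rest of the string becomes a new <svg> element.
    static String renderUnsafe(String storedValue) {
        return "<input name=\"site_title\" value=\"" + storedValue + "\">";
    }

    // Encode the characters that can change parsing in HTML text and
    // attribute contexts. Encoding happens at output time, so the raw
    // value can still be stored and edited unchanged.
    static String escapeHtmlAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened pattern: same template, value encoded for the attribute context.
    static String renderSafe(String storedValue) {
        return "<input name=\"site_title\" value=\""
                + escapeHtmlAttr(storedValue) + "\">";
    }

    // Simple check for a template that should emit exactly one tag:
    // any additional '<' means the value escaped the attribute.
    static int tagOpenCount(String html) {
        int n = 0;
        for (int i = 0; i < html.length(); i++) if (html.charAt(i) == '<') n++;
        return n;
    }

    public static void main(String[] args) {
        String unsafe = renderUnsafe(PAYLOAD);
        String safe = renderSafe(PAYLOAD);
        System.out.println("unsafe: " + unsafe + "  tags=" + tagOpenCount(unsafe)); // tags=2
        System.out.println("safe:   " + safe + "  tags=" + tagOpenCount(safe));     // tags=1
    }
}
```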

Ofirnir123 commented 5 years ago

Was this issue already resolved?

NicoleG25 commented 4 years ago

@yangfuhai, was this issue ever resolved? Please note that there was a CVE assigned.