client user can use this vulnerability to attack administrator users,Can use js to send post request, indirectly operate the administrator account,a serious threat to website security。
exploit
client login site,and modify the account name to </span><img src=1 onerror=alert(1) /><span>
now,if super user login and look clients,Will trigger XSS。
Hackers can exploit this vulnerability to perform any action by the administrator.
I find a Stored XSS
client user can use this vulnerability to attack administrator users,Can use js to send post request, indirectly operate the administrator account,a serious threat to website security。
exploit
client login site,and modify the account name to
</span><img src=1 onerror=alert(1) /><span>now,if super user login and look clients,Will trigger XSS。
Hackers can exploit this vulnerability to perform any action by the administrator.