Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
After submission, special symbols in display_name are escaped by the escapestring function.
When saving to the database, a `\` is added in front of `"`, turning it into `\"`, but this does not affect how the front end recognizes `"`.
When output to the frontend, it is not filtered.
Enter the payload on the submit page and submit it.
payload: `s" autofocus=autofocus onfocus=alert(1) "`
The XSS is written successfully.
![image](https://user-images.githubusercontent.com/75356114/219852987-07a17387-84b3-46e6-87aa-084ebca02377.png)
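Why the backslash escaping does not help on output, as an added example that is not WBCE code or part of the original report: `addslashes()` stands in for the escaping described above, and the `<input>` markup and helper names are hypothetical. It renders the same stored value once unfiltered and once HTML-encoded for the attribute context, then lists the attributes an HTML parser sees.

```php
<?php
// Added illustration, not WBCE source code. Helper names and the <input>
// markup are hypothetical; addslashes() stands in for the backslash
// escaping the report describes (assumption).

function sql_escape(string $value): string
{
    return addslashes($value); // puts "\" in front of quotes
}

// Unfiltered output: the value goes into the attribute as-is.
function render_unfiltered(string $displayName): string
{
    return '<input name="display_name" value="' . $displayName . '">';
}

// Hardened output: HTML-encode for the attribute context at render time.
function render_encoded(string $displayName): string
{
    $safe = htmlspecialchars($displayName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="display_name" value="' . $safe . '">';
}

// Attribute names an HTML parser sees on the rendered <input>.
function parsed_attributes(string $html): array
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Payload string taken from the report above.
$escaped = sql_escape('s" autofocus=autofocus onfocus=alert(1) "');

foreach (['unfiltered' => render_unfiltered($escaped),
          'encoded'    => render_encoded($escaped)] as $label => $html) {
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', parsed_attributes($html)), PHP_EOL;
}
```

A backslash is not an escape character in HTML, so in the unfiltered output the `"` still closes `value` and the parser reports attributes beyond `name` and `value`; with `htmlspecialchars()` the whole string stays inside `value`.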