arterli / CmsWing

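A powerful e-commerce platform and CMS site-building system (PC, mobile and WeChat Official Account platform) based on Egg.js (built for enterprise-grade frameworks and applications), Sequelize and GraphQL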
http://www.cmswing.com
Other
1.35k stars 450 forks

Vulnerability Report: CmsWing in version 1.3.7, there are two storage XSS vulnerabilities #54

Open zhooooou opened 4 years ago

zhooooou commented 4 years ago

The first XSS vulnerability

Question and answer module. In the Question supplement function, when inserting a link, fill in `"> < SVG / onload = alert ('xss') > <! --` in the address item to form a stored XSS. This vulnerability can be triggered when any visitor views the issue.

The second XSS vulnerability

Stored XSS exists in the title item of the online submission module, and the payload is as follows. The specific location of the vulnerability is shown in the figure below. After the submission is approved by the admin user, the vulnerability will be triggered when the administrator opens the content management page.