In comment on:
In src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java, only sensitive keywords are filtered
The src/main/resources/templates/admin/comment/list.ftl parameter is not filtered
Cooperate with csrf ,Review payload
View comments in the background:
Payload triggered
Temporary repair suggestions:
In src/main/resources/templates/admin/comment/list.ftl 56:
Modify to:
${model.formatContent(comment.content)}
Vulnerability submission information
author:boluo5100
mail:basiclearn@163.com
atjiu
commented
1 year ago
In comment on:
In src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java, only sensitive keywords are filtered
The src/main/resources/templates/admin/comment/list.ftl parameter is not filtered
Cooperate with csrf ,Review payload
View comments in the background:
Payload triggered
Temporary repair suggestions:
In src/main/resources/templates/admin/comment/list.ftl 56: Modify to:
Vulnerability submission information author:boluo5100 mail:basiclearn@163.com