bg5sbk / MiniCMS

An extremely simple content management system for personal websites
http://1234n.com/?projects/minicms/
227 stars 61 forks source link

A Reflected Cross-Site Scripting vulnerability exists in the /mc-admin/page.php in version 1.11 #49

Open thisissuperann opened 8 months ago

thisissuperann commented 8 months ago

Vulnerability location: date parameter, /MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04

image

Payload: Access the address with the payload after login: /MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04

Then we can find it triggering the XSS vulnerability:

image
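One way to harden a reflected `date` filter like the one reported above, as an added example that is not part of the original issue and is not MiniCMS code: validate the value as a strict `YYYY-MM` string, allow-list `state`, and HTML-encode at the point of output. The function names, the allowed `state` values and the link layout are assumptions made for illustration.

```php
<?php
// Added example, not MiniCMS code. Function names and the allowed "state"
// values are assumptions made for illustration.

// Accept only a strict YYYY-MM string; anything else means "no filter".
function clean_month_filter($raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A(\d{4})-(\d{2})\z/', $raw, $m)) {
        return null; // also rejects array input such as date[]=...
    }
    // checkdate() rejects month values outside 1..12.
    return checkdate((int)$m[2], 1, (int)$m[1]) ? $raw : null;
}

// Allow-list the state parameter (values assumed for this example).
function clean_state($raw): string
{
    $allowed = ['publish', 'draft', 'delete'];
    return in_array($raw, $allowed, true) ? $raw : 'publish';
}

// Encode for HTML text and quoted-attribute contexts at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the link that echoes the filter back into the admin page.
function filter_link(array $query): string
{
    $params = ['state' => clean_state($query['state'] ?? null)];
    $date = clean_month_filter($query['date'] ?? null);
    if ($date !== null) {
        $params['date'] = $date;
    }
    $url = 'page.php?' . http_build_query($params);
    return '<a href="' . h($url) . '">' . h($date ?? 'all dates') . '</a>';
}

// Constructed inputs: one well-formed value, one carrying markup characters.
$samples = [
    ['state' => 'draft', 'date' => '2024-04'],
    ['state' => 'draft', 'date' => '2024-04"><b>x</b>'],
];
foreach ($samples as $q) {
    echo filter_link($q), PHP_EOL;
}
```

The second sample fails validation and is dropped, so the link falls back to the unfiltered view; the encoding in `h()` remains as a second layer for any value that does reach the output.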