There is a stored XSS vulnerability in JFinal_cms 's publish blog module. An attacker can insert malicious XSS code into the keyword field. When the user views the content of the article in the foreground, the malicious XSS code is triggered successfully.
There is a stored XSS vulnerability in JFinal_cms 's publish blog module. An attacker can insert malicious XSS code into the keyword field. When the user views the content of the article in the foreground, the malicious XSS code is triggered successfully.
payload:
" onmouseover="alert(document.cookie)
Successfully executed malicious XSS code: