taoCMS is an incredibly tiny CMS (Content Management System), written in PHP, with support for MySQL/SQLite as the database (MIT License)
There is a storage XSS vulnerability in the add column of Taocms3.0.2's management column. #29
Open
debug601 opened 2 years ago
Click the Management column module and click add
Enter our payload and click submit
payload:
<script>alert(document.cookie)</script>
Found that payload has been executed
Go back to the home page, because it is a list, the front desk is also affected.
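
The report above describes a category name that is stored and later written into both the admin list and the front page without encoding. The following is an added example of that pattern next to an output-encoded version; it is not taoCMS code, and the function names, field names and sample rows are assumptions made for illustration.

```php
<?php
// Added example, not taken from taoCMS. All names here are hypothetical.

// Defence in depth for the cookie the reported payload reads: an HttpOnly
// session cookie is not visible to document.cookie (PHP >= 7.3 array form).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

// Constructed rows standing in for what the category table returns after
// the submission described in the issue.
$rows = [
    ['id' => 1, 'name' => 'News'],
    ['id' => 2, 'name' => '<script>alert(document.cookie)</script>'],
];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so every page that lists categories runs the stored script.
function render_list_unescaped(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= '<li><a href="?cat=' . $row['id'] . '">' . $row['name'] . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Encode for the HTML context at output time. ENT_QUOTES also covers
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: numeric id cast to int, name encoded before output.
function render_list_escaped(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= '<li><a href="?cat=' . (int) $row['id'] . '">' . e($row['name']) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

echo "--- unescaped ---\n", render_list_unescaped($rows);
echo "--- escaped ---\n", render_list_escaped($rows);
```

Because the same stored value reaches more than one template, the encoding has to be applied at every place the name is printed, not only on the form that saves it.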