taoCMS is an incredible tiny CMS (Content Management System), written in PHP and supporting MySQL/SQLite as the database (MIT License)
There is a storage xss in the add module of friendly links in Taocms3.0.2. #30
Open
debug601 opened 2 years ago
<script>alert(document.cookie)</script>
Click on the left link module, and then click add
Enter our payload and click submit
Found that the payload has been executed
Back to the home page, because it is a friendly link, the front desk is also affected.
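
One way to close this class of bug, as an added example (not taoCMS code and not part of the report): encode the stored link fields when they are rendered and accept only http(s) URLs. The function names and the `name`/`url` row keys are assumptions about how a friendly link is stored.

```php
<?php
// Added example: hypothetical helpers, not taoCMS code.
// Assumption: a friendly link is stored as a display name plus a URL.

/** Accept only absolute http(s) URLs; returns the URL or null. */
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one stored link; returns '' for rows that fail validation. */
function render_friendly_link(array $row): string
{
    $url = validate_link_url($row['url'] ?? '');
    if ($url === null) {
        return '';
    }
    return sprintf(
        '<a href="%s" rel="noopener noreferrer">%s</a>',
        e($url),
        e($row['name'] ?? '')
    );
}

// Constructed sample rows, including the value from the report.
$rows = [
    ['name' => 'Example site', 'url' => 'https://example.com/'],
    ['name' => '<script>alert(document.cookie)</script>', 'url' => 'https://example.com/'],
    ['name' => 'Bad scheme', 'url' => 'javascript:alert(1)'],
];
foreach ($rows as $row) {
    echo render_friendly_link($row), PHP_EOL;
}
```

The same encoding has to be applied in both the admin list and the front-end template, since the report shows the stored value being rendered in both places.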