转载:https://blog.csdn.net/libieme/article/details/83588929
jeecms v9.3 has a stroed xss vulnerability
An issue was discovered in jeecms v9.3 There is a stored XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML.
poc
<script>alert(document.cookie)</script>
1
Vulnerability trigger point
http://localhost//jeeadmin/jeecms/index.do#/content/update?type=update&id=130&noce_str=F3BR4K6
1.logged as admin
2.Choose this part
3.Click the green button to enter this page and insert code
4.Submit and view homepage
---------------------
作者:libieme
来源:CSDN
原文:https://blog.csdn.net/libieme/article/details/83588929
版权声明:本文为博主原创文章,转载请附上博文链接!