XSS in CMS Made Simple 2.1.6

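The world's second most watered-down CVE. Seeing that everyone else had CVEs, and not knowing how to audit code myself, I grabbed a CMS to blind-test, and then.. well.. the following content may cause discomfort...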

The vulnerability is in Content-->News-->Add Article.

There are 3 blanks, marked as mark1, mark2, and mark3.

Change the marks to payloads.


Then go back to the index and click the news item we added; it has 3 XSS.
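
A regression check for the three fields, added here as an example (not code from the original post or from CMS Made Simple): it appends an inert metacharacter probe to each of the post's markers and classifies how the rendered news page returns it. The probe string, the function names and both sample pages are assumptions constructed for illustration.

```python
import html
import re

PROBE = "<'\">"  # assumed probe: inert HTML metacharacters, no tag name or handler
TOKEN = re.compile(r"&#?\w+;|.", re.S)  # one entity or one literal character
SEVERITY = ["raw", "partial", "altered", "encoded"]  # worst first

def canary(mark):
    """Value typed into a form field: the post's marker plus the probe."""
    return mark + PROBE

def _state(tail):
    """Classify the text that follows one occurrence of a marker."""
    tokens = TOKEN.findall(tail)[:len(PROBE)]
    if "".join(html.unescape(t) for t in tokens) != PROBE:
        return "altered"   # probe stripped or rewritten: inspect by hand
    literal = sum(len(t) == 1 for t in tokens)
    if literal == len(PROBE):
        return "raw"       # nothing encoded: the field is a stored XSS sink
    return "encoded" if literal == 0 else "partial"

def classify(rendered, marks):
    """Map each marker to its worst rendering state, or 'absent'."""
    report = {}
    for mark in marks:
        seen = {_state(rendered[m.end():m.end() + 40])
                for m in re.finditer(re.escape(mark), rendered)}
        report[mark] = next((s for s in SEVERITY if s in seen), "absent")
    return report

# Constructed sample pages (not real CMS Made Simple output).
BEFORE = ("<h2>mark1<'\"></h2><div class='summary'>mark2<'\"></div>"
          "<div class='content'>mark3<'\"></div>")
AFTER = ("<h2>mark1&lt;&#039;&quot;&gt;</h2>"
         "<div class='summary'>mark2&lt;'&quot;&gt;</div>"
         "<div class='content'>mark3&lt;&#039;&quot;&gt;</div>")

if __name__ == "__main__":
    for name, page in (("before", BEFORE), ("after", AFTER)):
        print(name, classify(page, ["mark1", "mark2", "mark3"]))
```

A `partial` result means at least one metacharacter came back unencoded, which still matters if the value is ever placed inside an attribute quoted with that character.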

