Website background XSS_LOGO

[crow821]

After installing xino-pro4 After 1.2, there is a storage XSS on the left side of the bottom of the background setting

Then in http://127.0.0.1/xiuno/admin/ Continue to log in to the administrator background and http://127.0.0.1/xiuno/admin/?setting -base. Htm setting page custom setting information: Modify the loading method at the logo of the mobile phone: Change it tohttp://127.0.0.1:8081/41.png" onerror=alert(1) //，Of course, it can also be loaded locally:

Save after modification, and then load on the home page: http://127.0.0.1/xiuno/