jfinal_cms icon indicating copy to clipboard operation
jfinal_cms copied to clipboard
verified publisher icon jflyfox

XSS vulnerability2 in jfinal_cms 5.1.0

Open Townmacro opened this issue 3 years ago • 0 comments

There is a stored XSS vulnerability in JFinal_cms 's publish blog module. An attacker could insert malicious XSS code into the content of the blog post. When users and administrators view the blog post, the malicious XSS code is triggered successfully.

First register a user to test, then go to the submit blog post page and insert malicious XSS code in the content field

Payload:%3Cp%3Etest2%3C%2Fp%3E%3Cimg%20src%3D%22x%22%20onerror%3Dalert(document.cookie)%3E%3C%2Fp%3E

Submit a blog post

202207181056999

Modification of data packages via Burp Suite

202207181057741

Change the model.content field to Payload

202207181103768

Successfully executed malicious XSS code:

202207181104455 202207181105864

Townmacro avatar Jul 18 '22 04:07 Townmacro