There is a storage type cross site scripting attack at "Management column"(Column administrator authority)

[liangyueliangyue]

First, we enter the background and use the column administrator admin we created: Let's click "add article" on the left: Insert xss payload at the title ：

Return to the background management page，Let's click "edit article" on the left:

Come back to the front page，Because it is the title of the article, the front desk is also affected