Dancer issues

Results 4 issues of


                                            Dancer

请问静态页面在哪？配置完之后访问没什么反应

配置完后，开启redis，在命令行运行 webim_server.php 和 flash_policy.php，浏览器访问webroot没什么反应

There is a CSRF vulnerability that can delete the message

After the administrator open the following page, and click the the Submit request, square message with ID 264 will be deleted. ``` history.pushState('', '', '/') ```

There is a Stored-XSS vulnerability in IceCMS v1.0.0

There is a Stored-XSS vulnerability in IceCMS v1.0.0 api : /Websquare/create/circle planet - circle POC： The payload is `` ![06](https://user-images.githubusercontent.com/35645904/235698897-baef4711-9678-4d5f-9453-38cfbe71d17f.png) ![05](https://user-images.githubusercontent.com/35645904/235699004-966ba0b0-8448-400c-b9d7-ec9bae10a60e.png)

There is unauthorized access to the API, resulting in the disclosure of sensitive information

This api does not require login, obtains user information through user_id, and returns the user name, password, and email address in plain text. ![02](https://user-images.githubusercontent.com/35645904/235364459-98f11a8f-769d-48f9-8411-d6a117a22e2e.png) It is like the preview address...