unafraid-fearless issues

Results 3 issues of


                                            unafraid-fearless

autumn-cms system settings-menu management module has reflected XSS

The location of the reflected XSS vulnerability is in the first menu of the first module in the background Enter my test payload 4 ![image](https://github.com/ShuaiJunlan/Autumn/assets/36062846/2091e900-0f57-4daa-a826-ac656abf7200) ![image](https://github.com/ShuaiJunlan/Autumn/assets/36062846/b66b76a2-b9fe-4ecb-9222-47a27b8c9703) Forgive me, a picture...

The new user role management module has a stored XSS vulnerability

Interface location entry：http://{IP}:8081/wetech_web/admin/role/add.do，payload:4 ==> %3Cp%2FonMouseoVer%3Dconfirm%607%60%3E4 ![image](https://github.com/cjbi/wetech-cms/assets/36062846/8b4774df-de03-44f1-a9ab-b44432ca45bf) [payload：](payload:4) ![image](https://github.com/cjbi/wetech-cms/assets/36062846/48b5c048-79ad-4d29-99dd-5a4c4d5a783d)

There is a CSRF vulnerability in adding an administrator user

1.Interface address location：http://{IP_address}/wetech_web/admin/user/add.do ![image](https://github.com/cjbi/wetech-cms/assets/36062846/75165a0a-6406-4dda-82b6-7839c68be4a4) ![image](https://github.com/cjbi/wetech-cms/assets/36062846/75165a0a-6406-4dda-82b6-7839c68be4a4) ![image](https://github.com/cjbi/wetech-cms/assets/36062846/75165a0a-6406-4dda-82b6-7839c68be4a4) 2.I deleted the Referer and Origin fields，Interface replay successful，Here Generate CSRF HTML using Burp，The username and password are designed to be root123 ![csrf1](https://github.com/cjbi/wetech-cms/assets/36062846/c6efc948-fb8a-4901-983f-45c7b39a01e2) ![csrf1](https://github.com/cjbi/wetech-cms/assets/36062846/c6efc948-fb8a-4901-983f-45c7b39a01e2)...