Hi, I would like to report Cross Site Scripting vulnerability in latest release.
Description:
Cross-site scripting (XSS) vulnerability in app/api/cms/user.py 12 line register() function and app/api/cms/log.py 23 line get_logs() function.
User name usage XSS payload will be executed in the log when registering users
Steps To Reproduce:
1.Add a user, the username is xss payload.
2.Then use the username login, see the log manager find the xss payload already executed, the super user also can find.
author by jin.dong@dbappsecurity.com.cn
Hi, I would like to report Cross Site Scripting vulnerability in latest release.
Description:
Cross-site scripting (XSS) vulnerability in app/api/cms/user.py 12 line register() function and app/api/cms/log.py 23 line get_logs() function.
User name usage XSS payload will be executed in the log when registering users
Steps To Reproduce:
1.Add a user, the username is xss payload.
2.Then use the username login, see the log manager find the xss payload already executed, the super user also can find.
author by jin.dong@dbappsecurity.com.cn