Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.1.6

in adminpage > Design Manager > Categories options  Create a new Category Desciption filed  has xss vulnerability 


first create a new catagory

and in Description write the payload </textarea><svg/onload=alert(0)> and submit the catagory


3.png


then when you  edit the category  the description filed has xss vulnerability



暂无评论

发布评论