ForestBlog Existing Xss

Vulnerability Product:ForestBlog
Vulnerability version: all
Vulnerability type: Stored XSS
Vulnerability Details:

<script>alert(document.cookie)</script>
the Stored XSS payload could let admin causes disclosure of cookies、root path of websites、variables of PHP and stuff
1. Login link: http://forestblog.liuyanzhao.com/login
I registered my own account here
Account: linkk
Password: linkk
![image](https://github.com/saysky/ForestBlog/assets/109197048/9e102895-a06f-4573-b394-cfeb13b751d8)

2. When writing the article title or content, enter<script>alert (document. cookie)</script>
Click to publish
![image](https://github.com/saysky/ForestBlog/assets/109197048/5906c444-2e50-44a2-9282-828168ac6673)

3. Click on the homepage to view this article
![image](https://github.com/saysky/ForestBlog/assets/109197048/67a96a20-578d-4dca-aa73-fc99e0478a51)

Discovered that xss was triggered

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ForestBlog Existing Xss #99

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ForestBlog Existing Xss #99

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions