Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata：site_domain

1、Login the backstage
http://127.0.0.1/admin/index.php

2、Go to System setting->site setting
![image](https://user-images.githubusercontent.com/15666994/50943601-1cc1fa00-14c8-11e9-90fd-5deea9ac430d.png)

3、add the following payload to the second textbox，and submit。
payload：site_domain=http://www.dilicms.com/" onmouseover="alert(1)
![image](https://user-images.githubusercontent.com/15666994/50943449-7ece2f80-14c7-11e9-8959-0024fa14fed8.png)
And move your mouse on the second textbook ，then Stored-XSS triggered

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata：site_domain #62

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata：site_domain #62

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions