Cross Site Scripting Vulnerability through the use of Statics Script in FeehiCMS-2.1.1

# The steps to reproduce.

Login to the website backend as admin, go to "Setting" - "Website Setting"

In the "Statics Script" code field, write some attack code，just like 
`<script>alert(1);</script>`

![image](https://github.com/liufee/cms/assets/91946526/4c55622b-1a61-4ef3-88d1-001160794199)

Success after saving

![image](https://github.com/liufee/cms/assets/91946526/82437a9f-2e96-4bab-bdd5-d67c06be7c89)

Return to the front-end homepage and discover that the XSS attack has been successful

![image](https://github.com/liufee/cms/assets/91946526/93526a2a-f362-479b-a326-f8551bc7a701)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cross Site Scripting Vulnerability through the use of Statics Script in FeehiCMS-2.1.1 #72

The steps to reproduce.

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cross Site Scripting Vulnerability through the use of Statics Script in FeehiCMS-2.1.1 #72

Description

The steps to reproduce.

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions