"Nickname" has a stored XSS vulnerability
xfiftyone opened this issue · comments
x51 commented
Description
There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.
Impact Version
v1.03
Steps to Reproduce
1. Visit the profile page after logging in, http://xxx/user
2. Click on the nickname and insert the JavaScript code, test<img/src=x onerror=alert(1)>
3. Click save, the payload has been executed
The original request is as follows:
POST /admin/user/updateuser
name=Nickname&value=test%3Cimg%2Fsrc%3Dx+onerror%3Dalert(1)%3E&pk=300
hotqin888 commented
Thank you, I will fix it.
hotqin888 commented
value := c.Input().Get("value")
value = template.HTMLEscapeString(value) // filter XSS attacks
err = m.UpdateUser(id, name, value)
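
An added example, not code from this project: it renders the reported nickname in a user-list cell with no escaping, with output-time escaping via `html/template`, and with the escape-on-input call from the fix above, so the effect of each layer (and of stacking both) is visible. The `cell` template, the function names and the sample value are assumptions constructed for illustration; the project's real view is not shown in the issue.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	texttemplate "text/template"
)

// Constructed sample: the nickname from the report, URL-decoded as the server receives it.
const storedNickname = `test<img/src=x onerror=alert(1)>`

// Hypothetical user-list cell; the project's real template is not on the page.
const cell = `<td class="nickname">{{.}}</td>`

// renderRaw models the reported behaviour: the value reaches the page unescaped.
func renderRaw(nick string) string {
	var b bytes.Buffer
	t := texttemplate.Must(texttemplate.New("cell").Parse(cell))
	if err := t.Execute(&b, nick); err != nil {
		panic(err)
	}
	return b.String()
}

// renderEscaped encodes at output time: html/template escapes {{.}} for its HTML context.
func renderEscaped(nick string) string {
	var b bytes.Buffer
	t := template.Must(template.New("cell").Parse(cell))
	if err := t.Execute(&b, nick); err != nil {
		panic(err)
	}
	return b.String()
}

// escapeOnInput mirrors the call used in the fix: escape once, before storing.
func escapeOnInput(v string) string {
	return template.HTMLEscapeString(v)
}

func main() {
	stored := escapeOnInput(storedNickname)
	fmt.Println("raw view:         ", renderRaw(storedNickname))
	fmt.Println("escaped at output:", renderEscaped(storedNickname))
	fmt.Println("escaped on input: ", renderRaw(stored))
	// Both layers together double-encode, so users see literal "&lt;" text.
	fmt.Println("both layers:      ", renderEscaped(stored))
}
```

Escaping on input covers HTML text context only; a view that places the nickname inside a script block or URL still needs encoding for that context at output.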