"Nickname" has a stored XSS vulnerability

Question

"Nickname" has a stored XSS vulnerability

xfiftyone opened this issue 3 years ago · comments

Description

There is no escaping in the nickname field on the user list page，When viewing this page, the JavaScript code will be executed in the user's browser.

Impact Version

v1.03

Steps to Reproduce

1、Visit the profile page after logging in，http://xxx/user
2、Click on the nickname and insert the javascript code，test<img/src=x onerror=alert(1)>
3、Click save, the payload has been executed

The original request is as follows：

POST /admin/user/updateuser
name=Nickname&value=test%3Cimg%2Fsrc%3Dx+onerror%3Dalert(1)%3E&pk=300

hotqin888 · Answer 1 · Fri Jul 09 2021 22:46:06 GMT+0800 (China Standard Time)

thank you,I will fix it.

hotqin888 · Answer 2 · Fri Jul 09 2021 23:40:07 GMT+0800 (China Standard Time)

		value := c.Input().Get("value")
		value = template.HTMLEscapeString(value) //过滤xss攻击
                err = m.UpdateUser(id, name, value)