Multiple persistent XSS vulnerabilities exist on the Personal Information Edit page, as follows.
Step 1: go to the personal page to modify personal information and insert the payload (<script>alert(1)</script>).
Step 2: enter the original password and save, then refresh the page. The effect can be seen.
The vulnerability is harmful in that the pop-up will appear on any page that the user has rated, and other users will also be affected. The vulnerability can be triggered by any user, not necessarily an administrator. Other operations, such as hitting administrator cookies, are also possible.