Headline
CVE-2023-46378: Minicms1.1.1 Exists storage xss
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.
1.Environment download address: https://codeload.github.com/bg5sbk/MiniCMS/zip/refs/tags/v1.11
2.Log in to the background page to go to the following URL
/mc-admin/conf.php
3.At the site address, enter: javascript:alert(1)
4.xss is triggered by clicking on my website at /mc-admin/head.php