CVE-2023-31860: There is a stored XSS vulnerability in the backend of the Five Finger CMS b2b system v3.1.2 · Issue #3 · wuzhicms/b2b
Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system.
Affected version: Wuzhi CMS v3.1.2
GitHub download address: https://github.com/wuzhicms/b2b
Tool used: Burp Suite
Steps to reproduce:
(1) First, log in to the website backend, click on the extension module, and then click on online payment, as shown in the following figure:
(2) Enable the Burp Suite proxy and click Search to capture the request, as shown in the following figure:
(3) After the keyValue parameter, enter the payload: "OnMoUsEoVeR=prompt (1)// and forward the request.
(4) At this point, an additional “” appears at the order number, and the vulnerability is triggered when the mouse pointer is placed over it, as shown in the following figure:
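
The payload in step (3) starts with a double quote, which points to a value being written into a quoted HTML attribute without encoding. The following PHP is an added example, not code from Wuzhi CMS or from the reporter: it shows that pattern next to an output-encoded version and an input allowlist. The markup, the function names and the order-number format are assumptions made for the illustration.

```php
<?php
// Added illustration; not Wuzhi CMS code. The markup, function names and the
// order-number format below are assumptions made for this example.

// Payload quoted in step (3) of the report.
const REPORTED_PAYLOAD = '"OnMoUsEoVeR=prompt (1)//';

/** Vulnerable pattern: stored value concatenated into a quoted attribute. */
function render_unsafe(string $keyValue): string
{
    return '<input name="keyValue" value="' . $keyValue . '">';
}

/** Fix 1: encode for the HTML attribute context at output time. */
function render_safe(string $keyValue): string
{
    $encoded = htmlspecialchars($keyValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="keyValue" value="' . $encoded . '">';
}

/** Fix 2 (defence in depth): allowlist the search key before storing or using it. */
function is_valid_key(string $keyValue): bool
{
    // Assumed format: 1-64 letters, digits, underscores or hyphens.
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $keyValue) === 1;
}

/** True when the rendered value contains a raw quote, i.e. it left its attribute. */
function breaks_out(string $html): bool
{
    $start = strpos($html, 'value="') + strlen('value="');
    $inner = substr($html, $start, -2); // drop the template's closing ">
    return strpos($inner, '"') !== false;
}

// Unencoded output lets the value close the attribute; encoded output does not.
var_dump(breaks_out(render_unsafe(REPORTED_PAYLOAD)));
var_dump(breaks_out(render_safe(REPORTED_PAYLOAD)));

// The allowlist rejects the payload and accepts a constructed sample order number.
var_dump(is_valid_key(REPORTED_PAYLOAD));
var_dump(is_valid_key('SN20230501-0007'));
```

Because the issue is stored XSS, encoding has to happen wherever the saved value is rendered, not only on the request that first submits it.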