Headline
CVE-2021-45787: 网站后台添加视频处存在存储型XSS漏洞(There is a cross-site scripting (XSS) vulnerability in adding videos) · Issue #746 · magicblack/maccms10
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
网站后台添加视频处,包括名称、备注等参数位置均可插入xss代码
(There is a Storage XSS vulnerability in adding videos,XSS code can be inserted at parameter positions including name and remarks……)
插入的xss代码也会在前台被执行,它将影响访问该网站的所有用户
(The inserted XSS code will executed in the foreground,It will affect all users who visit the site)
虽然这个存储型xss位于后台,但该漏洞一旦被利用会导致前台众多用户都会收到攻击
另外,后台添加文章处也有相同问题