CVE-2023-1565: lsummer/README.md at main · 1114506941/lsummer
A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223557 was assigned to this vulnerability.
The PHP version of Feifei Movie and Television System V2.7.130201 has a stored XSS vulnerability.
Feifei V2.7.130201 installation package: https://www.tongyixiazai.com/soft/10001228.html
Reproduction environment:
Windows 10
Phpstudy
Vulnerability description:
The vulnerability exists in \Public\system\slide_add.html, which does not filter any special characters during the add process, resulting in a stored XSS vulnerability.
Vulnerability reproduction:
In Extension tool - Add homepage slide, enter the script <style onload=alert(1)> as the slide introduction parameter. This results in a stored XSS vulnerability, as shown in the figure.
As can be seen from the following figure, in the file \Public\system\slide_add.html, during the process of adding the homepage slide, parameters are brought into the database for update without any processing.
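The unfiltered store-then-render pattern described above, next to a hardened form, as an added example that is not FeiFeiCMS code. The function names, the row layout (id, intro) and the assumption that the introduction is rendered as HTML element content are all hypothetical.

```php
<?php
// Added example: hypothetical helpers, not FeiFeiCMS code. Field names are assumed.

// Vulnerable pattern: the stored value is echoed into HTML as-is.
function render_slide_unsafe(array $slide): string
{
    return '<p class="slide-intro">' . $slide['intro'] . '</p>';
}

// Hardened output: encode on render so stored markup is displayed as text.
function render_slide_safe(array $slide): string
{
    $intro = htmlspecialchars($slide['intro'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="slide-intro">' . $intro . '</p>';
}

// Input-side check for the add form: refuse markup instead of storing it.
function validate_slide_intro(string $intro, int $maxBytes = 255): bool
{
    if ($intro === '' || strlen($intro) > $maxBytes) {
        return false;
    }
    // Plain-text field: tag-like sequences and control characters are rejected.
    return $intro === strip_tags($intro)
        && !preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $intro);
}

// Cleanup aid: ids of rows stored before the fix that still contain markup.
function find_slides_with_markup(array $rows): array
{
    $ids = [];
    foreach ($rows as $row) {
        if ($row['intro'] !== strip_tags($row['intro'])) {
            $ids[] = $row['id'];
        }
    }
    return $ids;
}

// Constructed sample rows; the second holds the string from the report.
$rows = [
    ['id' => 1, 'intro' => 'Summer film festival'],
    ['id' => 2, 'intro' => '<style onload=alert(1)>'],
];
echo render_slide_safe($rows[1]), PHP_EOL;
var_dump(validate_slide_intro($rows[1]['intro']));
print_r(find_slides_with_markup($rows));
```

Output encoding at render time is the fix that holds even for rows already in the database; the input check and the cleanup scan complement it.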