autumn-cms add user has XSS vulnerabilities

Location：cms后台登陆，系统设置->用户管理->添加用户->登录名

![image](https://user-images.githubusercontent.com/33443724/91813216-ee78cb80-ec64-11ea-9923-c4922149172a.png)

POC:登录名:<script>alert("hack123")</script>
![image](https://user-images.githubusercontent.com/33443724/91813528-6fd05e00-ec65-11ea-9a67-8ea3a218cfb2.png)

后台代码未进行输入过滤：
 @RequestMapping(value = "insert/")
    @ResponseBody
    public ResponseMsg insertUser(User user){

        user.setPassword(MD5Util.getMD5(user.getPassword()));
        return userService.insertUser(user);
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

autumn-cms add user has XSS vulnerabilities #89

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

autumn-cms add user has XSS vulnerabilities #89

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions