【Vulnerability Description】
The template file editing function in the ujcms_v9.7.5 backend does not filter or check JavaScript embedded in template content. When a user accesses a file containing embedded malicious code, that JavaScript runs in the user's browser, which may lead to the theft of sensitive tokens.
【Vulnerability Type】
CWE-79: Cross-site Scripting
【Product Vendor】
https://gitee.com/ujcms/ujcms
https://github.com/ujcms/ujcms
https://www.ujcms.com/
【Affected Product Code Repository】
ujcms_v9.7.5
【Vulnerability Proof】
Edit template file



【Code Location】
/main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java#update
【Code Analysis】
The update method saves the submitted file content without any verification.


【Repair Suggestions】
Perform security checks on the updated file content before it is saved.
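
One way such a check could look, as an added example that is not ujcms code: a pre-save scan that reports script-executing constructs in the submitted template content so the update can be rejected or held for review. The class name `TemplateContentCheck`, the method `findings` and the three rules are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical pre-save check for template content (illustration only, not part of ujcms). */
public class TemplateContentCheck {
    // Constructs that execute script when the rendered template is opened in a browser.
    private static final Pattern[] RULES = {
        Pattern.compile("<\\s*script\\b", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<[^>]*\\son[a-z]+\\s*=", Pattern.CASE_INSENSITIVE),
        Pattern.compile("(?:href|src|action)\\s*=\\s*[\"']?\\s*javascript:", Pattern.CASE_INSENSITIVE),
    };
    private static final String[] NAMES = {
        "script element", "inline event handler", "javascript: URL"
    };

    /** Returns one finding per match with its 1-based line number; an empty list means nothing was flagged. */
    public static List<String> findings(String content) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < RULES.length; i++) {
            Matcher m = RULES[i].matcher(content);
            while (m.find()) {
                int line = 1;
                for (int p = 0; p < m.start(); p++) {
                    if (content.charAt(p) == '\n') {
                        line++;
                    }
                }
                out.add("line " + line + ": " + NAMES[i]);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample template bodies, not taken from the product.
        String clean = "<html>\n<body>\n<h1>${site.name}</h1>\n</body>\n</html>";
        String flagged = "<html>\n<body>\n<img src=\"x.png\" onload=\"load()\">\n"
                + "<script src=\"/a.js\"></script>\n</body>\n</html>";
        System.out.println(findings(clean));
        System.out.println(findings(flagged));
    }
}
```

Pattern matching on HTML is a heuristic, so an empty result means nothing was flagged, not that the template is safe.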