一个后台存储型xss漏洞

When adding movie names, malicious code can be stored because there is no filtering of parameters
Affected version:<=1.2
test：
![image](https://user-images.githubusercontent.com/92918668/161237107-6d2340b9-3f3b-43f8-8a53-7ba7e80b4c3f.png)
The trigger：
![image](https://user-images.githubusercontent.com/92918668/161237368-773ed37e-1115-4651-8aad-acdbb4dfb11d.png)
The main reason is that the code does not filter parameter values：
![image](https://user-images.githubusercontent.com/92918668/161237881-e9f4fc57-7b6c-4e5b-a6fb-3479344fecb1.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

一个后台存储型xss漏洞 #3

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

一个后台存储型xss漏洞 #3

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions