There is a stored xss via /publiccms/admin/ in logo

Hello,my nickname is isecream,I found a stored xss in the logo

First, access the page
![default](https://user-images.githubusercontent.com/25191604/47853680-7946d000-de1a-11e8-85b8-8072faa87e67.png)

the logo is obtained from database.
![default](https://user-images.githubusercontent.com/25191604/47853749-ab583200-de1a-11e8-863b-5077fe015e0c.png)

Then，i write the xss payload to the database via /publiccms/admin/sysSite/sql.html
![default](https://user-images.githubusercontent.com/25191604/47854058-b2cc0b00-de1b-11e8-84e9-d35b754021f8.png)

you can see,the value has been changed
![default](https://user-images.githubusercontent.com/25191604/47854150-f161c580-de1b-11e8-94e8-5b18dca4d961.png)

And then,access the last page
![default](https://user-images.githubusercontent.com/25191604/47854242-3b4aab80-de1c-11e8-8d7d-6d068d92497c.png)

so,there is a stored xss in the all logo




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is a stored xss via /publiccms/admin/ in logo #22

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is a stored xss via /publiccms/admin/ in logo #22

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions