### 简要描述:
有可能造成xss
### 详细说明:
在客户对话框里面没有过滤url
[<img src="https://images.seebug.org/upload/201405/260847292ed11915fc6b6c76cf1859e8792a9a72.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/260847292ed11915fc6b6c76cf1859e8792a9a72.png)
[<img src="https://images.seebug.org/upload/201405/260848271033149a69a8c5e424352f2a0a7152e3.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/260848271033149a69a8c5e424352f2a0a7152e3.png)
[<img src="https://images.seebug.org/upload/201405/26084846190cce20e40543278b850fbb39466bf9.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/26084846190cce20e40543278b850fbb39466bf9.png)
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201405/260849065aa9a70ba1ddf602273393df0515077e.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/260849065aa9a70ba1ddf602273393df0515077e.png)
[<img src="https://images.seebug.org/upload/201405/260849400723d9782527b602c2fb7c1cb405f490.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/260849400723d9782527b602c2fb7c1cb405f490.png)
京公网安备 11010502034610号
暂无评论