### OFCMS background form management storage type XSS
#### Vulnerability Introduction
OFCMS is a content management system based on Java technology. Functions: column template customization, content model customization, multiple site management, online template page editing and other functions. The code is completely open source, MIT license agreement.
#### Vulnerability impact
- < v1.1.3
#### Vulnerability recurrence
1. Login to the background
2. Open the Form management, fill in the payload, as shown in the figure
![](https://images.seebug.org/1551959881368-w331s)
Save, refresh, trigger XSS
![](https://images.seebug.org/1551959889780-w331s)
暂无评论