### OFCMS background role management storage type XSS
#### Vulnerability Introduction
OFCMS is a content management system based on Java technology. Functions: column template customization, content model customization, multiple site management, online template page editing and other functions. The code is completely open source, MIT license agreement.
#### Vulnerability impact
- < v1.1.3
#### Vulnerability recurrence
1. Login to the background
2. Open the role management, fill in the payload, as shown in the figure
![](https://images.seebug.org/1551962062588-w331s)
Save, refresh, trigger XSS
![](https://images.seebug.org/1551962071325-w331s)
暂无评论