### OFCMS background website basic settings storage type XSS
#### Vulnerability Introduction
OFCMS is a content management system based on Java technology. Functions: column template customization, content model customization, multiple site management, online template page editing and other functions. The code is completely open source, MIT license agreement.
#### Vulnerability impact
- < v1.1.3
#### Vulnerability recurrence
1. Login to the background
2. Open the basic settings of the website, fill in the payload, as shown in the figure
![](https://images.seebug.org/1551961970972-w331s)
Save, refresh, trigger XSS
![](https://images.seebug.org/1551961978823-w331s)
Unavailable Comments