Visit the CMS home page and find that the JS code for the article content section is
Log on in the background, there is an article release module
You can see the successful pop-up window, execute the JS code, and prove an XSS vulnerability
Second XSS
Login background, add user module
User name input content does not do any filtering, new user name: