Due to the lax filtering of tag parameters, JS code can be inserted to cause cross-site scripting attacks.If the tag parameter is assigned to "<script>alert(123)</script>".Submitting in get mode can cause cross-site script attack.
The exp code is as follows:
http://127.0.0.1/index.php?r=search%2Ftag&tag=<script>alert(123)</script>
Due to the lax filtering of tag parameters, JS code can be inserted to cause cross-site scripting attacks.If the tag parameter is assigned to "<script>alert(123)</script>".Submitting in get mode can cause cross-site script attack.
The exp code is as follows:
http://127.0.0.1/index.php?r=search%2Ftag&tag=<script>alert(123)</script>