Cross-site Scripting Vulnerability in Tianti CMS (CNVD-2019-09099)
Ladder tianti is a free lightweight CMS system written in Java. A stored cross-site scripting vulnerability exists in the user list module in tianti 2.3, which can be exploited by an attacker via the tianti-module-admin/user/ajax/saverole name parameter to conduct a cross-site scripting attack...