PerfreeBlog
PerfreeBlog copied to clipboard
perfree
PerfreeBlog是一款基于java开发的博客/CMS建站平台,丰富的主题支持及扩展插件功能,给您带来全新的创作体验~
案例网站收集~
如果您正在使用PerfreeBlog,欢迎您将使用PerfreeBlog搭建的网站地址更新到此 issue 下,格式如下: 网站名称: Perfree 网站地址: [https://www.yinpengfei.com](https://www.yinpengfei.com)
Post function module browsing post content exists storage xss, when the user publishes the article, the content and title format of the article is not filtered, can leak sensitive information....
Affected versions:v3.1.1 ## The steps to reproduce Register an ordinary user arbitrarily, and upload the avatar  The front-end restricts the file type, and can only upload image-type files You...
Affected versions:v3.1.1 ## The steps to reproduce When logging in, choose to forget your password and choose to retrieve your password And enter any existing email address and its bound...
In the background, XSS is inserted in the place where the friend link management is added, at the site name and website description, resulting in an XSS popup window appearing...
这种情况将无法使用 优化方式: public static final String DEFAULT_THEMES_NAME= "default.zip"; ```Java @Slf4j public class Themeutils { /** * 解压默认主题 */ public static void unzipDefaultTheme() { File file = ClassPathFileUtil.getClassPathFile(SystemConstants.DEV_THEMES_PATH + SystemConstants.FILE_SEPARATOR +...
