From b40b4b2dd7d2d4f31c58abfb0d7ec3ae01d99307 Mon Sep 17 00:00:00 2001
From: kai415 <2634537866@qq.com>
Date: Fri, 17 Mar 2023 12:13:09 +0000
Subject: [PATCH] add CVE-2023-27241/XSS.md.

Signed-off-by: kai415 <2634537866@qq.com>
---
 CVE-2023-27241/XSS.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 CVE-2023-27241/XSS.md

diff --git a/CVE-2023-27241/XSS.md b/CVE-2023-27241/XSS.md
new file mode 100644
index 0000000..34c8d26
--- /dev/null
+++ b/CVE-2023-27241/XSS.md
@@ -0,0 +1,15 @@
+# WaterBilling-System
+Login Account:jude
+Password:123
+
+When you enter the system,click "add client"
+
+![image](https://user-images.githubusercontent.com/56795018/221333339-79de63bb-6abf-4eed-ba3a-3a1aadddcd39.png)
+
+input a XSS script in the lastname input boxes,such as "<script>alert(document.cookie)</script>",it will expose cookie.
+
+![image](https://user-images.githubusercontent.com/56795018/221333584-a8c81a1c-9392-4a6e-b454-1ff1298398c0.png)
+
+click add,and you will obtain its cookie.
+
+![image](https://user-images.githubusercontent.com/56795018/221333611-c7525da2-2448-4d29-8c3e-cf4850c477ab.png)
-- 
Gitee