diff --git a/CVE-2023-27242/XSS.md b/CVE-2023-27242/XSS.md
new file mode 100644
index 0000000000000000000000000000000000000000..5e90a346092af70cd3a2c3df6d5e0d1ce2d00de6
--- /dev/null
+++ b/CVE-2023-27242/XSS.md
@@ -0,0 +1,15 @@
+# WaterBilling-System
+Login Account:jude
+Password:123
+
+When you enter the system,click "add client"
+
+![image](https://user-images.githubusercontent.com/56795018/221333339-79de63bb-6abf-4eed-ba3a-3a1aadddcd39.png)
+
+input a XSS script in the lastname input boxes,such as "<script>alert(document.cookie)</script>",it will expose cookie.
+
+![image](https://user-images.githubusercontent.com/56795018/221333584-a8c81a1c-9392-4a6e-b454-1ff1298398c0.png)
+
+click add,and you will obtain its cookie.
+
+![image](https://user-images.githubusercontent.com/56795018/221333611-c7525da2-2448-4d29-8c3e-cf4850c477ab.png)
\ No newline at end of file