Bixie / pagekit-portfolio

Portfolio extension for Pagekit

Stored XSS in image URL field #44

Open Iceware opened 5 years ago

Iceware commented 5 years ago

Portfolio Version: 1.2.0
PHP Version: 7

A logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the editor. The XSS vulnerability is triggered by visiting /portfolio/${project_title}.

POC pic1 pic3

The title field is also vulnerable to XSS.
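A mitigation sketch for the two fields named in this report, added here as an example and not taken from the pagekit-portfolio code base: validate the image URL against a scheme allowlist and escape both values at output time. The helper names (`e`, `safeImageUrl`, `renderProject`) and the markup are hypothetical, since the issue does not show how the extension renders a project.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of pagekit-portfolio.

/** Escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept http(s) URLs or scheme-less paths; return null for anything else. */
function safeImageUrl(string $url): ?string
{
    $url = trim($url);
    // Reject control chars, whitespace, quotes, angle brackets, backslashes.
    if ($url === '' || preg_match('/[\x00-\x20"\'<>`\\\\]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return null; // seriously malformed URL
    }
    if ($scheme === null) {
        // Relative path: allowed, but not protocol-relative ("//host/...").
        return strncmp($url, '//', 2) === 0 ? null : $url;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : null;
}

/** Render a project header with both fields treated as untrusted input. */
function renderProject(string $title, string $imageUrl): string
{
    $src = safeImageUrl($imageUrl);
    $img = $src === null ? '' : sprintf('<img src="%s" alt="%s">', e($src), e($title));
    return sprintf('<article><h1>%s</h1>%s</article>', e($title), $img);
}

// Constructed sample inputs (markup and attribute breakout, no script payload).
$title = '<b>Demo</b> project';
$image = 'storage/photo.jpg" data-injected="1';

// Unescaped rendering, the pattern that leads to stored XSS:
echo '<h1>' . $title . '</h1><img src="' . $image . '">', PHP_EOL;
// Hardened rendering: the title is escaped and the malformed URL is dropped.
echo renderProject($title, $image), PHP_EOL;
echo renderProject($title, 'storage/photo.jpg'), PHP_EOL;
```

Running the same `safeImageUrl` check when the project is saved keeps bad values out of storage, while escaping at render time still covers rows written before the check existed.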