Open Iceware opened 5 years ago
Portfolio Version: 1.2.0, PHP Version: 7
A logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the editor. The XSS vulnerability will be triggered by visiting /portfolio/${project_title}.
POC
The Title field is also vulnerable to XSS,