MineWeb / MineWebCMS

🚀 A French Minecraft CMS since 2015 (used by +1k websites)
https://mineweb.org
GNU General Public License v3.0

[BUG] Found Xss Stored vuln in Administration page #271

Open GrayR0ot opened 3 years ago

GrayR0ot commented 3 years ago

Describe the bug

Editing members from the admin panel allows us to use a stored XSS vulnerability.

To reproduce

Steps to reproduce the behavior:

  1. Go to Membres -> Edit any

  2. Set the user name to

  3. Then save

It allows us to use a stored XSS vulnerability, which would allow us to steal visitors' cookies, among other fun facts.

nivcoo commented 3 years ago

Indeed, no page of the admin panel is protected against XSS. It should be, but we felt that if you have access to the admin panel, you are someone who can be trusted.
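The gap nivcoo describes is output encoding: the stored display name is written into the admin page's HTML unchanged. The following is an added example, not MineWeb's own code; the `$member` array shape, the row markup and the function names are assumptions. It places the vulnerable pattern beside the hardened one and adds a save-time check as defense in depth.

```php
<?php
// Added example (not MineWeb's own code): rendering a member's display name
// in an admin page. The $member array shape and the markup are assumptions.

// Vulnerable pattern: the stored name is written straight into the HTML, so a
// name that contains markup runs in the administrator's browser (stored XSS).
function renderMemberRowUnsafe(array $member): string
{
    return '<tr><td>' . $member['id'] . '</td><td>' . $member['pseudo'] . '</td></tr>';
}

// Hardened pattern: every untrusted value is HTML-encoded at output time.
// In CakePHP, which MineWeb is built on, the h() view helper does the same job.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderMemberRowSafe(array $member): string
{
    return '<tr><td>' . e((string) $member['id']) . '</td><td>' . e($member['pseudo']) . '</td></tr>';
}

// Defense in depth: a display name never legitimately contains markup, so reject
// such values when the member is saved. Output encoding above remains the real fix,
// because names can also enter the database through imports or older code paths.
function isValidPseudo(string $pseudo): bool
{
    return (bool) preg_match('/^[\p{L}\p{N}_\-. ]{1,32}$/u', $pseudo);
}

// Constructed sample: a member whose stored name carries a script tag.
$member = ['id' => 42, 'pseudo' => '<script>alert(1)</script>'];

echo renderMemberRowUnsafe($member), PHP_EOL; // markup reaches the page intact
echo renderMemberRowSafe($member), PHP_EOL;   // markup is encoded and shown as text
var_dump(isValidPseudo($member['pseudo']));  // rejected at save time
var_dump(isValidPseudo('Steve_42'));         // ordinary name is accepted
```

Run it with `php example.php` and compare the two rows: only the unsafe one contains a live `<script>` element.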

nivcoo commented 3 years ago

For the cookies, if you have access to the file, you can also do anything with cookies and customer information.

GrayR0ot commented 3 years ago

I just successfully hijacked a customer dashboard, but if you think it's normal to leave this kind of vulnerability, that is your choice.

nivcoo commented 3 years ago

It's not really a choice, but yes, it would be nice to take 2-3 hours to make the necessary changes.

nivcoo commented 3 years ago

We will add protection for the XSS on panel admin in no time :p

StanByes commented 2 years ago

It's good