Open GrayR0ot opened 3 years ago
Indeed, no page of the admin panel is protected against XSS. It should be, but we felt that if you have access to the admin panel you are someone who can be trusted.
For the cookies, if you have access to the file you can also do anything with cookies and customer information.
I just successfully hijacked a customer Dashboard, but if you think it's normal to leave this kind of vulnerability, that is your choice.
It's not really a choice, but yes, it would be nice to take 2-3 hours to make the necessary changes.
We will add protection for the XSS on the admin panel in no time :p
It's good
Describe the bug
Editing members from the admin panel allows us to use a stored XSS vulnerability.
To Reproduce
Steps to reproduce the behavior:
Go to Membres -> Edit any
Set the user name to
Then save
It allows us to use a stored XSS vulnerability, which would allow us to steal visitors' cookies and other fun facts.