WBCE / WBCE_CMS

Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
https://wbce-cms.org
GNU General Public License v2.0

XSS Vulnerability v1.4.3 #481

Closed zxc7528064 closed 4 years ago

zxc7528064 commented 4 years ago

Hi ~ I found an XSS vulnerability (stored).

Version: 1.4.3
Author: Noth(沈彧璿)

Step 1: Log in to the system.
Step 2: Click the "Settings" icon on the left.
Step 3: Insert the XSS test grammar in the "Website Footer" on the right and save it. PoC: ">
Step 4: Back to the front desk.

instantflorian commented 4 years ago

Thanks for your advice. But in these fields you do not even need any tricks to execute JavaScript, since the input fields allow usual
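The reply above says these settings fields accept HTML by design, so reviewing what is stored in a field such as "Website Footer" comes down to spotting script-capable markup. The following is an added example, not part of the issue thread and not WBCE code; the tag list, attribute list, function names and sample values are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumption: elements and URL-bearing attributes treated as script-capable.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects findings for markup that can run script when rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes
        # character references in attribute values before this is called.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace and control characters in a URL scheme.
            scheme = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and scheme.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_setting(value):
    """Return a list of active-content findings for one stored setting value."""
    finder = ActiveContentFinder()
    finder.feed(value)
    finder.close()
    return finder.findings


# Constructed sample values, not taken from the issue.
SAMPLES = {
    "plain footer": '<p>&copy; 2020 Example <a href="/imprint">Imprint</a></p>',
    "script element": "<p>Footer</p><script src='https://cdn.example/x.js'></script>",
    "event handler": '<img src="logo.png" onerror="track()">',
    "script URL": '<a href="javascript:void(0)">top</a>',
}

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(f"{label}: {audit_setting(html) or 'no active content'}")
```

A finding here is not automatically a defect when the field is meant to hold HTML; it is a prompt to confirm who saved the value and whether that account should be able to publish script to every visitor.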
