Closed gozan10 closed 1 year ago
Hi team,
I find XSS via modul post loop in Pages
Step:
add section in manage sections
add new post then choose options in modify page (a new post must be created for the setting to take effect)
In Post Loop inject javascript
save and view
Commit 26b9c1a included in https://github.com/WBCE/WBCE_CMS/releases/tag/1.5.4
Hi team,
I find XSS via modul post loop in Pages
Step:
add section in manage sections
![image](https://user-images.githubusercontent.com/70020521/200109987-777a03c1-3109-4690-ac1c-6d4c852cba6d.png)
add new post then choose options in modify page (a new post must be created for the setting to take effect)
![image](https://user-images.githubusercontent.com/70020521/200110578-46c57f7d-8c85-49f9-b73f-99c0a4bbc2f2.png)
In Post Loop inject javascript![image](https://user-images.githubusercontent.com/70020521/200110303-366e66e0-1cf7-4228-9b65-64a9969cd35b.png)
save and view![image](https://user-images.githubusercontent.com/70020521/200110319-bc77ee05-6d01-4a9b-a716-0a5d4d71b798.png)