WBCE / WBCE_CMS

Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
https://wbce-cms.org
GNU General Public License v2.0

XSS via module post loop in Pages #525

Closed gozan10 closed 1 year ago

gozan10 commented 1 year ago

Hi team,

I found XSS via the module Post Loop in Pages.

Steps:

  1. Add a section in Manage Sections.

  2. Add a new post, then choose Options in Modify Page (a new post must be created for the setting to take effect).

  3. In Post Loop, inject JavaScript.

  4. Save and view.

instantflorian commented 1 year ago

Commit 26b9c1a included in https://github.com/WBCE/WBCE_CMS/releases/tag/1.5.4