flatCore / flatCore-CMS

flatCore is a Web Content Management System (CMS) based on PHP and MySQL/SQLite.
https://flatcore.org
GNU General Public License v3.0

Cross Site Scripting (XSS) in Install #86

Closed sinemsahn closed 1 year ago

sinemsahn commented 2 years ago

Describe the bug

Cross Site Scripting (XSS) in the username section of the install page. Version: 2.1.0

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'CMS Install Page'
  2. Insert an XSS payload into the username section
  3. And XSS save
  4. See error


OS: all
Browser: all
Version: all
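Added example, not part of the report and not flatCore's own code: the two defenses that apply to a username field like the one reported, an allowlist check before the value is stored and HTML encoding where it is written back into the page. The function names, the allowlist pattern and the form markup are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; flatCore's real installer code is not shown on this page.

/** Allowlist check applied before the username is stored. */
function is_valid_install_username(string $name): bool
{
    // Letters, digits, dot, underscore, hyphen; 3 to 32 characters.
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $name) === 1;
}

/** Encode a value for an HTML element body or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe: the submitted value is copied into the markup unchanged. */
function render_username_field_unsafe(string $name): string
{
    return '<input type="text" name="username" value="' . $name . '">';
}

/** Hardened: the value is encoded at the point of output. */
function render_username_field(string $name): string
{
    return '<input type="text" name="username" value="' . h($name) . '">';
}

// Constructed sample inputs: one ordinary name, one markup-bearing value.
$samples = ['admin', '"><script>alert(1)</script>'];

foreach ($samples as $name) {
    printf("input:    %s\n", $name);
    printf("valid:    %s\n", is_valid_install_username($name) ? 'yes' : 'no');
    printf("unsafe:   %s\n", render_username_field_unsafe($name));
    printf("hardened: %s\n\n", render_username_field($name));
}
```

The encoding step is needed even when the allowlist is in place, because rows written before the check existed, or through another code path, are still rendered.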

sinemsahn commented 2 years ago

@patkon Can you help me check this issue? Looking forward to hearing from you. Thank you.