Open zxc7528064 opened 4 years ago
Hello, @zxc7528064. Thank you for the update. I need to note that the Flexo CMS project is currently not supported by me. From my point of view, the issue could be fixed on the template side, and to be clear, the current CMS philosophy is: it is the developer's responsibility to maintain the template and escape data provided by the admin panel. If you want to fix the template, please provide a PR and I will merge it.
@jmas Thank you for your attention to the security problem!
Affected software: flexocms CMS
Version: v.0.1.5
Type of vulnerability: XSS (Cross-Site Scripting)
Author: Noth
Description: flexocms CMS is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing the web pages.
Step 1: Log in to the system.
Step 2: Go to "admin/page/edit/4". There is a storage-type XSS in the field (page title): `"><svg/onload=alert(document.cookie)>`
Step 3: Go back to the front desk and click "Contacts".
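
The template-side fix discussed in this thread, as an added example that is not part of the issue or of Flexo CMS's own code: it assumes a PHP template, and the helper `e()` and both `render_link_*` functions are hypothetical names. It renders the reported page title once as stored and once escaped at output time.

```php
<?php
// Added example: hypothetical template helpers, not Flexo CMS code.

// Escape a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close a quoted attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the admin-supplied title is written into the markup as stored.
function render_link_unescaped(string $url, string $title): string
{
    return '<a href="' . $url . '" title="' . $title . '">' . $title . '</a>';
}

// After: every admin-supplied value is escaped where it is output.
function render_link_escaped(string $url, string $title): string
{
    return '<a href="' . e($url) . '" title="' . e($title) . '">' . e($title) . '</a>';
}

// Constructed sample: the page title from step 2 of the report.
$title = '"><svg/onload=alert(document.cookie)>';

// The quote and angle bracket end the attribute and the tag; the <svg> becomes live markup.
echo render_link_unescaped('/contacts', $title), "\n";

// The same title stays inert text:
// title="&quot;&gt;&lt;svg/onload=alert(document.cookie)&gt;"
echo render_link_escaped('/contacts', $title), "\n";
```

`htmlspecialchars()` covers HTML text and quoted attributes only; values placed inside `<script>` blocks, unquoted attributes or URL schemes need context-specific encoding or validation.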