intelliants / subrion

Subrion CMS - open source php content management system.
https://subrion.org/
GNU General Public License v3.0

Cross Site Scripting (XSS) in Members Add #895

Open sinemsahn opened 2 years ago

sinemsahn commented 2 years ago

Describe the bug

Cross Site Scripting (XSS) in the field tooltip section of the members add page. Version: 4.2.1

To Reproduce

Steps to reproduce the behavior:

1. Go to 'CMS Field Add page'
2. Insert an XSS payload into the tooltip section
3. Save the XSS payload
4. Go to 'Members add page'
5. The XSS payload works automatically

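An added illustration, not part of the thread and not Subrion's code: the report above describes a tooltip value saved on the field add page and later rendered on the Members add page. The function names, markup and sample value below are assumptions constructed for this sketch, which contrasts writing the stored value into the page as-is with encoding it for HTML at render time.

```php
<?php
// Hypothetical sketch: names and markup are assumptions, not Subrion's code.

// Constructed sample of a tooltip value as it might sit in the database.
$storedTooltip = '"><script>alert(1)</script>';

// Before: the stored value is concatenated into the markup unchanged,
// so it can close the attribute and introduce its own elements.
function renderTooltipUnsafe(string $tooltip): string
{
    return '<span class="field-tooltip" title="' . $tooltip . '">?</span>';
}

// After: encode at output time for HTML text and quoted-attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function renderTooltipSafe(string $tooltip): string
{
    $encoded = htmlspecialchars($tooltip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="field-tooltip" title="' . $encoded . '">?</span>';
}

// Simple regression check: does the rendered markup contain a live script tag?
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$unsafe = renderTooltipUnsafe($storedTooltip);
$safe   = renderTooltipSafe($storedTooltip);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
echo "unsafe contains <script: ", var_export(containsScriptTag($unsafe), true), PHP_EOL;
echo "safe contains <script:   ", var_export(containsScriptTag($safe), true), PHP_EOL;
```

Encoding at render time protects every page that displays the field, whichever account saved the value. If a client-side tooltip widget re-inserts the attribute text as HTML, it also has to be configured to treat that text as plain text.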

vbezruchkin commented 2 years ago

Why would a person that has access to admin panel do this type? Just curious how you see it.

sinemsahn commented 2 years ago

A person who has infiltrated the system can try all means from a malicious point of view. And that's one of the options he could look at.

sinemsahn commented 1 year ago

I want to get a CVE like this. A CVE has been given in your previous products for such clarity. Can you help me?

Thanks.

sinemsahn commented 1 year ago

@vbezruchkin

junni18 commented 1 year ago

stop alert

On Wed, Dec 21, 2022 at 1:47 AM Sinem Şahin @.***> wrote:

@vbezruchkin https://github.com/vbezruchkin
