monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License

There is a stored XSS vulnerability that can trigger JavaScript code #435

Open magicming200 opened 6 years ago

magicming200 commented 6 years ago

Hi, I have found a stored XSS vulnerability. It is not the same as issue #427. The trigger is in the page's content section, not the title section.

Steps to replicate:

  1. Log into the system with the editor role
  2. Create a new page in the blog catalog
  3. Navigate to the content section
  4. Enter the payload shown here: `<script>alert(document.cookie)</script>`
  5. Visit http:///monstra/blog/.php
  6. You will trigger JavaScript execution

Impacts: Anyone who visits the target page will be affected and trigger the JavaScript code, including administrators, editors, and guests.

Affected Version: 3.0.4

Affected URL: http:///monstra/blog/.php
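
One way to mitigate the issue reported above is to pass page content through an allowlist sanitizer before it is stored or rendered. This is an added example, not code from the report or from Monstra; the function name `sanitize_page_content` and the tag and attribute allowlists are assumptions, and it relies on PHP's standard DOM extension.

```php
<?php
// Added example, not Monstra's code. The allowlists below are assumptions.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a', 'h2', 'h3', 'blockquote', 'code', 'pre'];
const ALLOWED_ATTRS = ['a' => ['href', 'title']];
// Removed together with their content; other unknown tags are unwrapped.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_page_content(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate malformed editor input
    // The XML declaration makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    $xpath = new DOMXPath($doc);
    // Snapshot the node list first: the tree is modified while iterating.
    foreach (iterator_to_array($xpath->query('.//* | .//comment()', $body), false) as $node) {
        $tag = strtolower($node->nodeName);
        if ($node instanceof DOMComment || in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->parentNode->removeChild($node);
            continue;
        }
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($node->firstChild !== null) { // unwrap: keep children, drop the tag
                $node->parentNode->insertBefore($node->firstChild, $node);
            }
            $node->parentNode->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            // Attributes must be allowlisted; href must also use an allowlisted scheme.
            $ok = in_array($attr->nodeName, ALLOWED_ATTRS[$tag] ?? [], true)
                && ($attr->nodeName !== 'href'
                    || preg_match('~^(?:https?://|mailto:|/|#)~i', trim($attr->nodeValue)) === 1);
            if (!$ok) {
                $node->removeAttributeNode($attr);
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) { // serialize only what is inside <body>
        $out .= $doc->saveHTML($child);
    }
    return $out;
}
// Constructed sample: benign markup plus the payload from the report above.
echo sanitize_page_content('<p>Hello</p><script>alert(document.cookie)</script>'), PHP_EOL;
```

Because the check is an allowlist, event-handler attributes and unknown elements are removed without having to enumerate them.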