monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License
396 stars 123 forks

XSS (via SVG file upload) in Monstra-dev #451

Open security-breachlock opened 6 years ago

security-breachlock commented 6 years ago

Affected software: Monstra-dev

Type of vulnerability: XSS (via SVG file upload)

Discovered by: BreachLock

Website: https://www.breachlock.com

Author: Balvinder Singh

Description: SVG files can contain Javascript in Githubissues.