Open honcbb opened 7 years ago
Hi, in version 7 of your open source project I found that on the detail_template.php page the id parameter value is not filtered or escaped on input or output, which causes XSS.
Affected Files:
/template/default-rtl/detail_template.php
PoC Payload:
http://site/template/default-rtl/detail_template.php?id=%22%3E%3Csvg/onload=alert(domain)%3E%22
Resolving: Filtering, encoding or escaping
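The remediation named in the report (filtering, encoding or escaping), sketched as an added example that is not part of the original issue and not the project's own code. The helper names `parse_record_id` and `h`, the hidden `<input>` element, and the assumption that `id` is a numeric record key are all hypothetical; the actual contents of detail_template.php are not shown on this page.

```php
<?php
// Added example: hypothetical helpers, not code from detail_template.php.

/**
 * Input filtering: accept the id only if it is a positive integer.
 * Assumes the template's id is a numeric record key (assumption).
 */
function parse_record_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects array input such as ?id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Output escaping for HTML text and quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: the URL-decoded id value from the report above.
$reported = '"><svg/onload=alert(domain)>"';

// Unsafe pattern: raw interpolation lets the leading "> close the attribute,
// so the rest of the value is parsed as markup.
$unsafe = '<input type="hidden" name="id" value="' . $reported . '">';

// Escaped: quotes and angle brackets become entities and the value stays
// inside the attribute as inert text.
$escaped = '<input type="hidden" name="id" value="' . h($reported) . '">';

echo $unsafe, PHP_EOL;
echo $escaped, PHP_EOL;

// Validation rejects the reported value outright and accepts a normal id.
var_dump(parse_record_id($reported));
var_dump(parse_record_id('42'));

// In a template, combine both: validate first, escape at the point of output.
$id = parse_record_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
} else {
    echo '<input type="hidden" name="id" value="' . h((string) $id) . '">', PHP_EOL;
}
```

Escaping with `htmlspecialchars` covers HTML text and quoted attributes only; a value placed inside a URL, a script block or an unquoted attribute needs the encoding for that context.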