Closed edoardottt closed 1 year ago
Hi @edoardottt,
This is not a security issue. It's an administration area, and you must have enabled sa privileges for editing those settings. If you look into the widgets/pages/layouts you can easily inject scripts (and not only for client-side...).
Tested version: 8c2c8909 (latest)
Steps to reproduce the vulnerability:
"</script><script>alert(document.domain)</script>
as CDN (for jComponent Library) in settings. Each time a target will visit the dashboard the payload will fire, even if the target is not logged in! Since the website redirects to /admin/ presenting the login form, but the payload is reflected also there.
In order to test this, just click logout and reload the page.
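
A defensive sketch of the pattern discussed in this thread, added here as an example and not taken from the issue or from the project's code. It assumes the CDN setting is interpolated into an inline script block or an attribute of a page served before login; all function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not the project's API.
// Payload string as quoted in the report above.
const PAYLOAD = '"</script><script>alert(document.domain)</script>';

// Input check when the setting is saved: accept only an absolute https URL
// without embedded credentials. Returns the normalized URL, or null.
function validateCdnUrl(value) {
  if (typeof value !== 'string' || value.length > 2048) return null;
  let url;
  try {
    url = new URL(value.trim());
  } catch (err) {
    return null; // not an absolute URL (the reported payload ends up here)
  }
  if (url.protocol !== 'https:' || url.username || url.password) return null;
  return url.href;
}

// Output encoding for an HTML attribute value such as <script src="...">.
function escapeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Output encoding for a string literal inside an inline <script> block:
// JSON quoting plus escaping of characters the HTML parser reacts to.
function toScriptLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g, (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed vulnerable rendering: the raw setting lands inside a script block.
function renderUnsafe(cdn) {
  return '<script>var CDN = "' + cdn + '";</script>';
}

// Hardened rendering: same markup, value encoded for its context.
function renderSafe(cdn) {
  return '<script>var CDN = ' + toScriptLiteral(cdn) + ';</script>';
}
```

Validation on save and encoding on output are independent layers: the encoder still matters for values that pass validation, and for settings that were stored before the check existed.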