Closed mistry-jignesh closed 9 months ago
@mistry-jignesh, this is not a security issue; this is working fine. If no type is selected, then it will not get any template file for the field, so it will not show any field on the front-end or back-end side in the event form.
As per @ritakikani: This is not a security issue; this is working fine. If no type is selected, then it will not get any template file for the field, so it will not show any field on the front-end or back-end side in the event form.
So I closed the issue.
First, go to the backend. Click on the field editor section.
Launch Burp Suite to capture the network traffic. Click on "save changes" below the form. Burp Suite will intercept the outgoing POST request. Modify the value of the event[banner][type] parameter to onmouseover="alert(/XSS/) and then allow the request to proceed.
Now check that the field editor banner field type is changed to the Text type field. Also, the frontend post and event page banner is removed. Only a label is available on the form.