Cms exists in xss vulnerability #5

@China-Eugene

When an intruder enters the backstage of a website, an XSS payload can be added to the website ad management, which will trigger an attack when the user visits the website.
Vulnerability URL:
http://127.0.0.1/mipcms/?s=/admin/addons/ad/AdminAd/adList

Vulnerability POC:

<script>alert(/xss/)</script>
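
For the PoC above to run in a visitor's browser, the stored ad value has to reach the page without output encoding. As an added example (not part of the original issue and not MIPCMS code), the PHP below contrasts that pattern with a renderer that validates and encodes each field; the ad record layout (`title`, `link`) and all function names are hypothetical.

```php
<?php
// Added example: hypothetical ad record and renderers, not MIPCMS code.

// Allow only http(s) links; any other scheme, or a value that does not
// parse as an absolute URL, is replaced with "#".
function safe_url(string $url): string
{
    $url = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

// Encode for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored fields are concatenated into the page as-is,
// so markup saved in the admin panel is executed by every visitor.
function render_ad_unsafe(array $ad): string
{
    return '<div class="ad"><a href="' . $ad['link'] . '">' . $ad['title'] . '</a></div>';
}

// Hardened pattern: validate the URL and encode every field at output time,
// regardless of who stored the value.
function render_ad_safe(array $ad): string
{
    return '<div class="ad"><a href="' . h(safe_url($ad['link'])) . '" rel="noopener">'
        . h($ad['title']) . '</a></div>';
}

// Constructed sample rows, as they might sit in the ad table.
$ads = [
    ['title' => 'Spring sale', 'link' => 'https://example.com/sale'],
    ['title' => '<script>alert(/xss/)</script>', 'link' => 'https://example.com/'],
    ['title' => 'Download', 'link' => 'ftp://example.com/file'],
];

foreach ($ads as $ad) {
    echo 'unsafe: ', render_ad_unsafe($ad), PHP_EOL;
    echo 'safe:   ', render_ad_safe($ad), PHP_EOL, PHP_EOL;
}
```

Encoding at output time matters here because the value is entered through an authenticated admin page: input filtering on the public side of the site never sees it.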
