An authenticated malicious user can take advantage of an XSS vulnerability in the "Modify Group" feature in Admin
Steps to Reproduce:
Log in to the Admin panel
Go to '/backend/groups/index.php'
Add group with name '">
Save group.
Impact
Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application.
Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware.
Defacement - An attacker can deface the website using JavaScript code.
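The mitigation for the report above is output encoding of the stored group name wherever it is rendered. The following is an added example, not the project's code: the function names and the form markup are assumptions, and the sample name is constructed (the quote-and-bracket prefix from the report followed by a harmless tag). It shows why the encoder must cover both quote styles.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not the project's code) that render the name field
// of a group edit form. $name stands for the group name read from storage.

// Vulnerable pattern: the stored value is concatenated into an attribute as-is.
function render_group_field_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Partial fix: ENT_COMPAT encodes " < > & but leaves ' untouched. This was the
// htmlspecialchars() default before PHP 8.1, so a bare call on older versions
// still lets a value break out of a single-quoted attribute.
function escape_compat(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT | ENT_HTML5, 'UTF-8');
}

// Hardened: encode both quote styles and replace invalid UTF-8 sequences.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_group_field_safe(string $name): string
{
    return '<input type="text" name="name" value="' . escape_html($name) . '">';
}

// Constructed sample input: attribute-breaking prefix plus a harmless tag.
$name = '\'"><b>marker</b>';

echo "unsafe : ", render_group_field_unsafe($name), PHP_EOL;
echo "compat : ", escape_compat($name), PHP_EOL;
echo "safe   : ", render_group_field_safe($name), PHP_EOL;

// Self-check: no markup-significant character survives the hardened encoder.
foreach (['"', "'", '<', '>'] as $ch) {
    if (strpos(escape_html($name), $ch) !== false) {
        throw new RuntimeException("unescaped character in output: $ch");
    }
}
// The ENT_COMPAT variant still emits the raw single quote.
if (strpos(escape_compat($name), "'") === false) {
    throw new RuntimeException('expected raw single quote with ENT_COMPAT');
}
```

Encoding at output time, in every template that prints the group name, also neutralises names that were saved before the fix.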