Skip to content

XSS Vulnerability on Modify Group Page #408

Closed
@aydinnyunus

Description

Summary

An authenticated malicious user can take advantage of a XSS vulnerability in the "Modify Group" feature in Admin

Steps to Reproduce:

  • Login into the Admin panel
  • Go to '/backend/groups/index.php'
  • Add group with name '">
  • Save group.

Impact

Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application.
Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the
site, the user may be more likely to trust the request and actually install the malware.
Defacement - attacker can deface the website using javascript code.

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions